diff --git a/debian/changelog b/debian/changelog
index eaeec37..d3dd342 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ shim (15.8-1) UNRELEASED; urgency=medium
 + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
 + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
 * Log if the build is nx-compatible or not
+ * Force shim to use the latest revocations by default to block some
+ older grub / peimage issues. This is:
+ "shim,4\ngrub,4\ngrub.peimage,2\n"
+
 [ Bastien Roucariès ]
 * Port autopkgtest from ubuntu
diff --git a/debian/rules b/debian/rules
index 39d0357..5edabe1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -48,6 +48,11 @@ COMMON_OPTIONS += \
 CC=$(DEB_HOST_GNU_TYPE)-gcc-12 \
 $(NULL)
+# Force shim to use the latest revocations by default to block some
+# older grub / peimage issues. This is:
+# "shim,4\ngrub,4\ngrub.peimage,2\n"
+COMMON_OPTIONS += SBAT_AUTOMATIC_DATE=2024010900
+
 $(DBX_LIST): $(DBX_HASHES)
 ./debian/generate_dbx_list $(EFI_ARCH) $< $@
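Review bot: In the `debian/rules` hunk, the added `COMMON_OPTIONS += SBAT_AUTOMATIC_DATE=2024010900` is a bare date, and nothing in the hunk ties it to the revocation payload quoted in the comment above it. The changelog context lists a patch that bumps latest "to todays date", so please confirm that 2024010900 is still the date carrying `shim,4\ngrub,4\ngrub.peimage,2\n` in the patched sources; if the patch moved the date, shim would presumably apply a different automatic level than the one documented. I would extend the comment with `# The date must match the patched "latest" SBAT level; re-check it whenever the sbat patches are refreshed.` It is also worth noting there that raising the automatic level is expected to make machines refuse older grub builds once this shim has booted, which matters for dual-boot setups and old install media.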