diff --git a/.gitignore b/.gitignore index 5a703bd..2a4ed69 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,7 @@ # editor backup/tmp files *~ *.sw? + +# generated revocation payload +data/sbat_level_automatic.csv +data/sbat_level_latest.csv diff --git a/.gitmodules b/.gitmodules index 4e5d47a..e228fa3 100644 --- a/.gitmodules +++ b/.gitmodules @@ -2,3 +2,6 @@ path = gnu-efi url = https://github.com/rhboot/gnu-efi branch = shim-15.6 +[submodule "shim"] + path = shim + url = https://github.com/rhboot/shim diff --git a/Makefile b/Makefile index 06145d7..02a36a7 100644 --- a/Makefile +++ b/Makefile @@ -112,6 +112,19 @@ revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbata .sspva .sspsa .sspvl revocations.o : certwrapper.o cp certwrapper.o revocations.o +SBAT_LATEST_DATE ?= 2023012950 +SBAT_AUTOMATIC_DATE ?= 2023012900 + +$(SBATLEVELLATESTPATH) : + awk '/^sbat,1,$(SBAT_LATEST_DATE)/ { print $$0 }' \ + FS=\"\n\" RS=\\n\\n shim/SbatLevel_Variable.txt \ + > $@ + +$(SBATLEVELAUTOMATICPATH) : + awk '/^sbat,1,$(SBAT_AUTOMATIC_DATE)/ { print $$0 }' \ + FS=\"\n\" RS=\\n\\n shim/SbatLevel_Variable.txt \ + > $@ + %.efi : %.so ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) @@ -121,6 +134,7 @@ endif $(OBJFLAGS) \ $(FORMAT) $^ $@ +revocation_data.o : $(SBATLEVELLATESTPATH) $(SBATLEVELAUTOMATICPATH) revocation_data.o : | $(SBATPATH) $(VENDOR_SBATS) revocation_data.o : /dev/null $(CC) $(BUILDFLAGS) -x c -c -o $@ $< @@ -156,7 +170,7 @@ revocation_data.o : /dev/null $(CC) $(BUILDFLAGS) -c -o $@ $^ clean : - @rm -vf *.o *.so *.efi + @rm -vf *.o *.so *.efi $(SBATLEVELLATESTPATH) $(SBATLEVELAUTOMATICPATH) update : git submodule update --init --recursive diff --git a/data/sbat_level_automatic.csv b/data/sbat_level_automatic.csv deleted file mode 100644 index e219305..0000000 --- a/data/sbat_level_automatic.csv +++ /dev/null @@ -1,4 +0,0 @@ -sbat,1,2022111500 -shim,2 -grub,3 -grub.debian,4 
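Review bot: In the Makefile hunk at `@@ -112,6 +112,19 @@`, the new rules for `$(SBATLEVELLATESTPATH)` and `$(SBATLEVELAUTOMATICPATH)` fail open: they have no prerequisites and `> $@` creates the file before awk runs, so a missing `shim/` checkout or a date that matches no record leaves an empty CSV that later runs treat as up to date. `revocation_data.o` now lists both files as prerequisites, so it would presumably be built with an empty revocation level. Give both rules the prerequisite `shim/SbatLevel_Variable.txt`, which also regenerates the payload when the submodule moves, and end each recipe with a check such as `test -s $@ || { rm -f $@; exit 1; }`; a `.DELETE_ON_ERROR:` line would cover other awk failures if the Makefile does not already set it. Since nothing ties the target to the date, overriding `SBAT_LATEST_DATE` or `SBAT_AUTOMATIC_DATE` will not regenerate an existing CSV until `make clean`. The default `SBAT_LATEST_DATE ?= 2023012950` is also numerically lower than the `sbat,1,2023100300` in the deleted `data/sbat_level_latest.csv`; if that is intended, a comment beside the assignment should say why.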
diff --git a/data/sbat_level_latest.csv b/data/sbat_level_latest.csv
deleted file mode 100644
index de466ab..0000000
--- a/data/sbat_level_latest.csv
+++ /dev/null
@@ -1,3 +0,0 @@
-sbat,1,2023100300
-shim,4
-grub,4
diff --git a/shim b/shim
new file mode 160000
index 0000000..314aecf
--- /dev/null
+++ b/shim
@@ -0,0 +1 @@
+Subproject commit 314aecf89318d31697a3fabf14cf49a0dc359331
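Review bot: The new `shim` gitlink is now the only thing fixing which `SbatLevel_Variable.txt` feeds the generated revocation CSVs, but nothing in the change says which shim release or tag `314aecf89318d31697a3fabf14cf49a0dc359331` corresponds to. The `[submodule "shim"]` entry in `.gitmodules` also records no `branch`, unlike the `gnu-efi` entry. A comment above that entry such as `# pinned to <shim tag>; source of SbatLevel_Variable.txt for data/sbat_level_*.csv` would let a reviewer check a later submodule bump against an upstream release.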