-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

rharwood's statement about Secure Boot on 2023-05-02:

I'm one of the upstream maintainers for
[pesign](https://github.com/rhboot/pesign), which is used for signing
EFI binaries, and I'm one of the upstream maintainers of
[shim](https://github.com/rhboot/shim), which most Linux distros use
to transition from the firmware's security domain to the kernel's.
I'm also responsible for Fedora's builds of pesign, shim, and grub2.
I'm not responsible for the kernels for Fedora, nor for determining
which of them finally get signed for Secure Boot.

# Fedora

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor in Fedora's signed secure
boot binaries, including shim, grub2, the kernel, and pesign, nor have I at
any time been approached about disclosure of our signing keys.  I am also not
aware of anyone else involved in our signing that has been contacted with
warrants of any kind, or any similar instrument, or in any way, from
governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor in Fedora's signed secure boot binaries, including shim,
grub2, the kernel, and pesign, nor am I aware of any other involved party
having at any time been approached about disclosure of our signing keys
(except the troll called out in pjones's statement).

# Upstream pesign/shim

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor into either shim or pesign.
I am also unaware of any other contributor to shim or pesign having been
contacted with warrants of any kind, or any similar instrument, or in any way,
from governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor into either shim or pesign.

# Change history

2023-05-02: removed statements about RHEL and CentOS as I have left
Red Hat.  At the time of their removal, the statements were still
true.

2022-03-09: created document based on [pjones's current
statement](https://blog.uncooperative.org/shim-info-2022-03-02.txt.asc).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAmRRmmwACgkQJTL5F2qV
pEJOpQ//RCIrA+yWWYXKS7L0LppbKjfc2FLDLqIyvgidQMs4bTpSKfYD6FSEY2hR
BEnFMsBrKyL2i0iqK/nbj/TZ5RA0bKQGvK1/l4+sMrn3lBR4XnbLn0m+PB4pxt8c
bkhPNt9ttKd1R4j4IBeUuCrDpn+bt87Y/Ha04mIpCD0iYhY8cCY1uMwmnXK+fhKi
B2PXjLaXH6vo3RLnM5g8JQ0OZhRYjIA3wo0+2kYhuml67WOblNv5VaFStsCR+GN3
r0XmXvVjRzqUjVB3gaxvAsH3j8EhoWy4/Ribby88DiipRUNLTwJBmCQVxVvk5V9R
NiNFXkdZB7C4AcPgVJK815QTaR2GM23e7cBrXXzeddDf+AgbTq7H6HGPXhSrWY7S
9Qhgn0cYosVMVSrZJR2ELxtw0frB43SSNxh5zkxlE3/nUC76u50p72+cYzCx9Gs5
81r3BRg+3Ho6NrQ6GSQU/ELql9U1I6hG6uNMDw/BKT9Iia4hEcaqRf80M1g2cGNi
o27x4iaRfzhg2vfUEjTlhlrp3Y6oEWkYjxbRtuSxytBzCXfHYtnlPJGBkV16yesP
5v99rGmdBgpwk/Kc5WohSAIP8C/JO2diqZdhWnMQvMxb5lAdGyJNnb/JlztMxZoi
QtGUYu7XqN229hYJFmlbmXkK0Q3fSuGk2xvl+UjGHTwo0+tYC4A=
=wr/C
-----END PGP SIGNATURE-----