-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

rharwood's statement about Secure Boot on 2023-06-06:

I'm one of the upstream maintainers for
[pesign](https://github.com/rhboot/pesign), which is used for signing
EFI binaries, and I'm one of the upstream maintainers of
[shim](https://github.com/rhboot/shim), which most Linux distros use
to transition from the firmware's security domain to the kernel's.
I'm also responsible for Fedora's builds of pesign, shim, and grub2.
I'm not responsible for the kernels for Fedora, nor for determining
which of them finally get signed for Secure Boot.

# Fedora

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor in Fedora's signed secure
boot binaries, including shim, grub2, the kernel, and pesign, nor have I at
any time been approached about disclosure of our signing keys.  I am also not
aware of anyone else involved in our signing that has been contacted with
warrants of any kind, or any similar instrument, or in any way, from
governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor in Fedora's signed secure boot binaries, including shim,
grub2, the kernel, and pesign, nor am I aware of any other involved party
having at any time been approached about disclosure of our signing keys
(except the troll called out in pjones's statement).

# Upstream pesign/shim

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor into either shim or pesign.
I am also unaware of any other contributor to shim or pesign having been
contacted with warrants of any kind, or any similar instrument, or in any way,
from governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor into either shim or pesign.

# Change history

2023-05-02: removed statements about RHEL and CentOS as I have left
Red Hat.  At the time of their removal, the statements were still
true.

2022-03-09: created document based on [pjones's current
statement](https://blog.uncooperative.org/shim-info-2022-03-02.txt.asc).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAmR/pjEACgkQJTL5F2qV
pELttg/+NHnC3IvkYTGPdgTNGoeyeeWDjGKAZgUDgcT5uAlbUOVtFlg0ccLrfSb3
xKOgcPuKbPSp5mghCCvJo3e8lpERNadquIAXx+zOumiOGcPxu78z+F+tMZpA2a6e
koREJssr1iVKw5nE4k6hAnA5ngxCimZlZBp2zqZCZjBpsoK6ocdwmhyDGlqTWXsQ
Cmv4kWLl80Sg3o+/vKdlADjjHG6ldhQOHuaVCkJ6MRxGHxLqkeWyPD5NuOKo/fTt
A9RjQS8ag8nDbU8q+7htQ6n3Z8ys26NbDy1EpyBoND0ho2j2iFsc9woBFanp+JDK
m3NDlx7klDKBkRMJhm4Ve729/WBbX2KfOM5AT1oCcYvldHcz7tqj4s1vLKnv4VA0
WwjBSnI7dFDLBYz+h2eamHyNBkohhhAkZ4GsHFeb8VsKgHPN0iftodrpOUUJcrJN
yJnlPhrjIkE5OI31XtO+pRYW/JK7iiXHjsGkGrf2cdTeeiFeKjSE+u8b+7ZywoSV
MwGbB6Q6mBv3zHEBSvg5+abaDs1jNI8NVNHpVkIhBpzZKgROhdBtY8SOPsEzg2bq
pc7BJHQYB1Rgv2A3f4nozCLMLSSB0egvw6vy+ugUsqvvs/ayKrqKwfFhGeJdN5D9
EhXhrlXM9xbpfg/bIOAB9gN0vpg4pdyiyEdRqKWZoUFNAUFRoMQ=
=X638
-----END PGP SIGNATURE-----