-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

rharwood's statement about Secure Boot on 2023-07-06:

I'm one of the upstream maintainers for
[pesign](https://github.com/rhboot/pesign), which is used for signing
EFI binaries, and I'm one of the upstream maintainers of
[shim](https://github.com/rhboot/shim), which most Linux distros use
to transition from the firmware's security domain to the kernel's.
I'm also responsible for Fedora's builds of pesign, shim, and grub2.
I'm not responsible for the kernels for Fedora, nor for determining
which of them finally get signed for Secure Boot.

# Fedora

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor in Fedora's signed secure
boot binaries, including shim, grub2, the kernel, and pesign, nor have I at
any time been approached about disclosure of our signing keys.  I am also not
aware of anyone else involved in our signing that has been contacted with
warrants of any kind, or any similar instrument, or in any way, from
governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor in Fedora's signed secure boot binaries, including shim,
grub2, the kernel, and pesign, nor am I aware of any other involved party
having at any time been approached about disclosure of our signing keys
(except the troll called out in pjones's statement).

# Upstream pesign/shim

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor into either shim or pesign.
I am also unaware of any other contributor to shim or pesign having been
contacted with warrants of any kind, or any similar instrument, or in any way,
from governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor into either shim or pesign.

# Change history

2023-05-02: removed statements about RHEL and CentOS as I have left
Red Hat.  At the time of their removal, the statements were still
true.

2022-03-09: created document based on [pjones's current
statement](https://blog.uncooperative.org/shim-info-2022-03-02.txt.asc).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAmSnMUsACgkQJTL5F2qV
pELcPw/9GYTh1xysSmqT+nU99UZnQEEMvN2mY+NCWHc+/TuSWGVd84hfVp7Q+SCm
ZerRM0oHgAcYUOZrb8QfUY5s+y9CIK/knM9JNHEB/m6SGkRazSiaL16lfobrYKrS
GCGTaBzLpzC0Q23ORAc8ovKSruQS47BEOqgEZqDOIiUsnsfZZktfOIJkjbZls+2J
U1LzQgu8nustRpwxClsyPYFv6J72mjKsQkyGsRXt/IAG9NlasFDnLvkGLyCMYPLH
x3tzUSZpaCDEoZ4F64Z158geKabiWN+Nz+S4OKqZX3zJil7ayGXzg5d4McUg9qx+
tvIZGy0sfm9HcNSeWHHq7//a4RjMphwOEXr9YrzefYln1xr/n4O8CzQ4xUiTLdiX
lbA5oZZDwMFx7ZmZNu4YPow2mga0HSwjyocSHW0oN/Ih8VMuyDy8xnjSZ/07i1nk
xxiAWtevIyw4H53o/cg+UKJ7JKxDIRYKVKioW7O+nPP0BpRWKyRCk5wtvME/wBvp
ZN3E8Ygd5Fvt0VG+ShfB+o3Xyl/0IMPsdmwu7haa9E4y7gEg+4MC5ndiYbHqHuky
krwXvqYr/f8BM2HQvPj6sNlV9nek5291UCt2ZgwThlWZ67r2kRwoI/T/ewQN2s3O
FsnOrQUrOm3ulngjUb+NtKtSgq68lfFgUOSBeS15sBD14Zi/AVA=
=aTAZ
-----END PGP SIGNATURE-----