-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

rharwood's statement about Secure Boot on 2023-08-01:

I'm one of the upstream maintainers for
[pesign](https://github.com/rhboot/pesign), which is used for signing
EFI binaries, and I'm one of the upstream maintainers of
[shim](https://github.com/rhboot/shim), which most Linux distros use
to transition from the firmware's security domain to the kernel's.
I'm also responsible for Fedora's builds of pesign, shim, and grub2.
I'm not responsible for the kernels for Fedora, nor for determining
which of them finally get signed for Secure Boot.

# Fedora

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor in Fedora's signed secure
boot binaries, including shim, grub2, the kernel, and pesign, nor have I at
any time been approached about disclosure of our signing keys.  I am also not
aware of anyone else involved in our signing that has been contacted with
warrants of any kind, or any similar instrument, or in any way, from
governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor in Fedora's signed secure boot binaries, including shim,
grub2, the kernel, and pesign, nor am I aware of any other involved party
having at any time been approached about disclosure of our signing keys
(except the troll called out in pjones's statement).

# Upstream pesign/shim

At no point have I been contacted with warrants of any kind, or any similar
instrument, or in any way, from governmental or non-governmental entities,
about inclusion of any kind of malware or backdoor into either shim or pesign.
I am also unaware of any other contributor to shim or pesign having been
contacted with warrants of any kind, or any similar instrument, or in any way,
from governmental or non-governmental entities, about inclusion of any kind of
malware or backdoor into either shim or pesign.

# Change history

2023-05-02: removed statements about RHEL and CentOS as I have left
Red Hat.  At the time of their removal, the statements were still
true.

2022-03-09: created document based on [pjones's current
statement](https://blog.uncooperative.org/shim-info-2022-03-02.txt.asc).
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAmTJgAYACgkQJTL5F2qV
pEJikhAAsZ1iKSoRnu14WTf8K1ygU1a9EfBUcP6sAL3YmbHC551d3IUidb62FhOV
clZA9zyF4f2Xf3rbD7UkY6E7QIkLt4BwiWLkKjaDPKfs26j1hDn+SUjtuWt6gSFy
Aqfl7hKehPZDA/gIBLu0TO5XU0gbX9aX6FSmkk7e3aesWoZoWgb3MilfREUTEHaL
NuHyeVrVzrT7dtxQZUMSdlM0o2w+kNYTpaBMBt0oJOvSlEY/QxgBErTX9Vn1TOmN
cR1mxuskBTzkobRnx6cThLu2FCr00dtF3H8g9oQCvLY9LGIggVYwtQrDGaju28Vp
24eSBjMU+us7TOQKpISmJjDFreoHR1/VzGSAWEXH0ag0vInAyk2zHsIAWwgXooy1
bUsaHzoCaWwDut6Ls5e+KXePFJAXQspbZBe1FiQKygtbLUDH7zUMp4Lily/EsYy4
l+ohesgOYeS0BsV0qb62mL0jL7o2RbyPZGi7XU7PBSQ4VQHO7WldAl7VMr2avFFz
JVNSFBEZHPDPV1M+kZvKvuMgPloygvaimEfCED8/1d34WVS5FIx7guZW8nGu4coD
NJb4vmkNVfPm2QLIF+sDABtL0s+ktK4pWyuvttAcX5mXNVZXfTql8Z2tGCz2zwFp
szhzj0Og8LKGLO/quJ90+M7GlyPd6UuW93QxDp7sbehtn7U4VAI=
=AuRf
-----END PGP SIGNATURE-----