-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

rharwood's statement about Secure Boot on 2023-10-15:

This will be the last one of these I plan to issue. While my reasons are personal, I do not anticipate being contacted in any of the ways described below (i.e., there is nothing nefarious going on that I am aware of with respect to security and integrity of bootloader components).

I'm one of the upstream maintainers for [pesign](https://github.com/rhboot/pesign), which is used for signing EFI binaries, and I'm one of the upstream maintainers of [shim](https://github.com/rhboot/shim), which most Linux distros use to transition from the firmware's security domain to the kernel's. I'm also responsible for Fedora's builds of pesign, shim, and grub2. I'm not responsible for the kernels for Fedora, nor for determining which of them finally get signed for Secure Boot.

# Fedora

At no point have I been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora's signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signing keys.

I am also not aware of anyone else involved in our signing that has been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora's signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor am I aware of any other involved party having at any time been approached about disclosure of our signing keys (except the troll called out in pjones's statement).

# Upstream pesign/shim

At no point have I been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor into either shim or pesign.

I am also unaware of any other contributor to shim or pesign having been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor into either shim or pesign.

# Change history

2023-10-15: added first paragraph about this being the last one.

2023-05-02: removed statements about RHEL and CentOS as I have left Red Hat. At the time of their removal, the statements were still true.

2022-03-09: created document based on [pjones's current statement](https://blog.uncooperative.org/shim-info-2022-03-02.txt.asc).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----