-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm involved in Secure Boot signing in various distros in several ways.

I wrote and maintain pesign ( http://github.com/vathpela/pesign ),
which is used for signing EFI binaries, and I'm one of the upstream
maintainers of shim ( http://github.com/mjg59/shim ), which most Linux
distros use to transition from the firmware's security domain to the
kernel's. I'm also responsible for Fedora and RHEL's builds of pesign,
shim, and grub2.  I'm not responsible for the kernels for RHEL or Fedora,
nor for determining which of them finally get signed for Secure Boot.  I
have been responsible for generating keys for signing Fedora's binaries.

As the guy who gets shim signed for Fedora:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor in Fedora's
signed secure boot binaries, including shim, grub2, the kernel, and pesign,
nor have I at any time been approached about disclosure of our signing
keys.  I am also not aware of anyone else involved in our signing that has
been contacted with warrants of any kind, or any similar instrument, or in
any way, from governmental or non-governmental entities, about inclusion of
any kind of malware or backdoor in Fedora's signed secure boot binaries,
including shim, grub2, the kernel, and pesign, nor have I at any time been
approached about disclosure of our signing keys.

As the guy who gets shim signed for RHEL:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor in RHEL's
signed secure boot binaries, including shim, grub2, the kernel, and pesign,
nor have I at any time been approached about disclosure of our signing
keys.  I am also not aware of anyone else involved in our signing that has
been contacted with warrants of any kind, or any similar instrument, or in
any way, from governmental or non-governmental entities, about inclusion of
any kind of malware or backdoor in RHEL's signed secure boot binaries,
including shim, grub2, the kernel, and pesign, nor have I at any time been
approached about disclosure of our signing keys.

As the upstream maintainer of pesign and an upstream maintainer of shim:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor into either
shim or pesign.  I am also unaware of any other contributor to shim or
pesign having been contacted with warrants of of any kind, or any 
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor into either
shim or pesign.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBU5DAEe7SZrcPT+8QAQLjDQ/+KCN1MLJcZfhpI+jUWt4UEuq8wTTScMOy
kqBovDBiUsVnxvNwtazupuqktv2HN27onnGICUg6GeR0Fl2XLaJ1SKGNQd3UJ5ZS
nL5gY09VJTGJSyU4tHArTiEtMdUkm1A+nrnLCIOeD/A/tODOKERKb5m/g5mg/fzn
/Ho4VrNXGFX/bGzFr8RtDRl8MHur+JLnsHoFVUcwF/PonxvdAd3T+AaucFzDTKhL
La6kbPjNU71CrHb5KGRm3MszkUqVSF2zZlYQEMn3YaZo2dIMpLD2PYFcAfEGGXgp
nE45OXzJG1n347tocRzjY3Ks7GGL+bGIm/3fWWmYK1FggjpjtelgAugKJ8G6uuN8
ZP7hZGqev1yJd9yBJDbM5qyJe9i9X++F9HTmkpRcupl5dI6lD75gF2PcXL/LzUR1
Kldg4vWXB1EUXDs9efwHcTLeWKIWkhK8MRoAK78w1ZSMjqCOQ49tQF0w3GkFbiR3
0c8Efnz7QYdOyKYQvsd3j09utJeuADcneK6YAYgfCLSfYp2D6RSt3/MBQexD3dD+
Mz6pFZCbAkdrqRBFklmJTND+lzsuNqhanwQpNpO70jwbxspP5fboELOm0WI0juyI
Z2DTtqujHTyrgfIW/ZiD3v7ur/nSzaSs4Zsb4+9d8HrShZ8lleWr1EoEiO5F4tER
uqzZ+ChdQSU=
=vZMk
-----END PGP SIGNATURE-----