-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

pjones' statement about Secure Boot on 2017-04-04:

I'm involved in Secure Boot signing in various distros in several ways.

I wrote and maintain pesign ( https://github.com/rhinstaller/pesign ),
which is used for signing EFI binaries, and I'm one of the upstream
maintainers of shim ( https://github.com/rhinstaller/shim ), which most
Linux distros use to transition from the firmware's security domain to the
kernel's. I'm also responsible for Fedora and RHEL's builds of pesign,
shim, and grub2.  I'm not responsible for the kernels for RHEL or Fedora,
nor for determining which of them finally get signed for Secure Boot.  I
have been responsible for generating keys for signing Fedora's binaries.

As the guy who gets shim signed for Fedora:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor in Fedora's
signed secure boot binaries, including shim, grub2, the kernel, and pesign,
nor have I at any time been approached about disclosure of our signing
keys.  I am also not aware of anyone else involved in our signing that has
been contacted with warrants of any kind, or any similar instrument, or in
any way, from governmental or non-governmental entities, about inclusion of
any kind of malware or backdoor in Fedora's signed secure boot binaries,
including shim, grub2, the kernel, and pesign, nor am I aware of any other
involved party having at any time been approached about disclosure of
our signing keys.

As the guy who gets shim signed for RHEL:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor in RHEL's
signed secure boot binaries, including shim, grub2, the kernel, and pesign,
nor have I at any time been approached about disclosure of our signing
keys.  I am also not aware of anyone else involved in our signing that has
been contacted with warrants of any kind, or any similar instrument, or in
any way, from governmental or non-governmental entities, about inclusion of
any kind of malware or backdoor in RHEL's signed secure boot binaries,
including shim, grub2, the kernel, and pesign, nor am I aware of any other
involved party having at any time been approached about disclosure of
our signing keys.

As a person involved in CentOS signing in an advisory role:

I am not aware of anyone else involved in our signing that has
been contacted with warrants of any kind, or any similar instrument, or in
any way, from governmental or non-governmental entities, about inclusion of
any kind of malware or backdoor in CentOS's signed secure boot binaries,
including shim, grub2, the kernel, and pesign, nor am I aware of any other
involved party having at any time been approached about disclosure of
CentOS's signing keys.

As the upstream maintainer of pesign and an upstream maintainer of shim:

At no point have I been contacted with warrants of any kind, or any
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor into either
shim or pesign.  I am also unaware of any other contributor to shim or
pesign having been contacted with warrants of of any kind, or any 
similar instrument, or in any way, from governmental or non-governmental
entities, about inclusion of any kind of malware or backdoor into either
shim or pesign.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJY46TuAAoJEO7SZrcPT+8QDCgQAJKGeKQguRqjpG9GrYoLgBfW
0XJODKTspgCxBrLeyYuWVLiokA1aKL3CtxQGn4yb7CHq0OR4R+PwqtJ7QAJpD9OA
2strHLHdqQYGNcmA4/LEd6EwQV4vV9/ZeKAQiJ4Q25/6m8eSrDLmUISBdZGJrLfy
e21UnDiOpZ1TPKtEyzY2ug5J74+yIJcDOouWnqE3OfL9yvJF7tp/Xi0+Qtdp35hs
P9XXh/WODlBONYK6Pk4DBv6qUzt+3NlXoK6B7tZRy4uV+TfVuzxfYr9l1r8sKcRK
bCVLMjUHJCQnN1VayIYGG4DnNq21cCBekCwR9Lic/nznpgJKk8JE72AWKL4M8baB
G48r52n8kpliOFYEy9XQRsyyLwer0v6t7ar7Mrlcq3dxEkHWgdCwRAcKxMc8yKqh
ZOehXyusLwLtqV/37RpG2JR9jVCKoVYBxjBV8i6ucJVZMKlKCT3ZkZNn4YYcKyd1
tSY2U3oxRdQzc3uNR9A58CRZELSSyHPeT2tm+i5zKv+XKxQFMdDFbDS8gpcP86s7
Bxp7cR/DIKG+jbs5XMEGBYWOl0x8hr+D5V8baP+4TOaee2cIe5LA+Y9aSZBTjZio
zehQEB+VNAFIFT2X6m2JJ3iTLiZxnQx0Aft9eu1Sugg1mnKCuqF4KD8sik9HE/s4
/SIPmHoKuNhadclaZtkl
=njNV
-----END PGP SIGNATURE-----