Cirrus Erase — Security

This page is the canonical public source for Cirrus Erase security contacts. If you've found a vulnerability, please report it privately via one of the channels below. Do not file a public GitHub issue for security reports.

Contacts

Primary

Email: security@cirruserase.com

PGP fingerprint:

25DF C03A 27EB 601D F5CA D641 1608 5930 DAD1 793F

PGP key: download combined .asc (primary + secondary), or primary only. Also on keys.openpgp.org.

This mailbox routes to the Cirrus Erase team's group inbox. It is the stable, long-lived primary contact; this address will not change.

Secondary

Name: Jon Godfrey

Email: jon.a.godfrey@gmail.com

PGP fingerprint:

AA36 4D31 596A 8300 7C64 15BA E353 D3F7 F3E6 AA29

PGP key: download .asc. Also on keys.openpgp.org.

Independent backup contact, running on infrastructure separate from cirruserase.com. Use this only if the primary is unreachable. This contact may be rotated; the canonical current value is whatever this page shows.

What to include in a report

A clear description of the issue.
The affected Cirrus version (in VERSION at the repo root, or visible at http://<lan-server>:8080/api/version on a deployed LAN Server).
Steps to reproduce, with logs, captures, or screenshots where applicable.
Your assessment of severity (we'll do our own assessment too).
Credit preference: how you'd like to be named (or "anonymous").

What to expect

Acknowledgement — within 5 business days.
Initial assessment — within 10 business days.
Coordinated disclosure — by mutual agreement, typically 90 days from acknowledgement.

Boot-chain integrity

Cirrus Erase ships a Microsoft-signed UEFI shim signed under the "Cirrus Erase" vendor identity. The shim signature can be inspected with sbverify or pesign.

If you find a binary attributed to Cirrus Erase that fails signature verification against the Microsoft UEFI CA, report it via the primary contact above — this would indicate either a key compromise or a binary-substitution attack, both of which we treat as the highest severity.

For the record:

The Cirrus Erase shim never invokes shim's MOK-enrolment pathway. It never writes to a target machine's UEFI NVRAM. If you observe MOK-enrolment behaviour from a Cirrus Erase boot session, that is a defect.
The ADISA-certified Erase .so is published with a known SHA-256. Reports of .so substitution or modification at runtime are highest priority.

Published advisories

Past security advisories are listed at /advisories.