Next: loadfont, Previous: list_trusted, Up: Command-line commands [Contents][Index]
Load all variables from the environment block file into the environment. See Environment block.
The --file option overrides the default location of the environment block.
The --skip-sig option skips signature checking even when the
value of environment variable check_signatures is set to
enforce (see check_signatures).
If one or more variable names are provided as arguments, they are interpreted as a whitelist of variables to load from the environment block file. Variables set in the file but not present in the whitelist are ignored.
The --skip-sig option should be used with care, and should
always be used in concert with a whitelist of acceptable variables
whose values should be set. Failure to employ a carefully constructed
whitelist could result in reading a malicious value into critical
environment variables from the file, such as setting
check_signatures=no, modifying prefix to boot from an
unexpected location or not at all, etc.
When used with care, --skip-sig and the whitelist enable an administrator to configure a system to boot only signed configurations, but to allow the user to select from among multiple configurations, and to enable “one-shot” boot attempts and “savedefault” behavior. See Using digital signatures, for more information.