Next: , Previous: , Up: Command-line and menu entry commands   [Contents][Index]

16.3.41 load_env

Command: load_env [--file file] [--skip-sig] [whitelisted_variable_name] …

Load all variables from the environment block file into the environment. See Environment block.

The --file option overrides the default location of the environment block.

The --skip-sig option skips signature checking even when the value of environment variable check_signatures is set to enforce (see check_signatures).

If one or more variable names are provided as arguments, they are interpreted as a whitelist of variables to load from the environment block file. Variables set in the file but not present in the whitelist are ignored.

The --skip-sig option should be used with care, and should always be used in concert with a whitelist of acceptable variables whose values should be set. Failure to employ a carefully constructed whitelist could result in reading a malicious value into critical environment variables from the file, such as setting check_signatures=no, modifying prefix to boot from an unexpected location or not at all, etc.

When used with care, --skip-sig and the whitelist enable an administrator to configure a system to boot only signed configurations, but to allow the user to select from among multiple configurations, and to enable “one-shot” boot attempts and “savedefault” behavior. See Using digital signatures, for more information.