Rafael,

I’m not sure this matches exactly what you are looking for, but the OVMF (Virtual Machine) has some configuration options around HTTPS boot [1]. That might be a good place to start. 

[1] https://github.com/tianocore/edk2/blob/master/OvmfPkg/README#L232

Thanks,

Andrew Fish

> On Aug 26, 2022, at 7:15 AM, Rafael Machado <rafaelrodrigues.machado@gmail.com> wrote:
> 
> Hello everyone.
> 
> Quick question for the ones that understand better the HTTPBoot architecture at the edk2 structure.
> 
> Suppose I have to restrict HTTPS boot to accept only the download of images from a specific url.
> For example, instead of allowing the download of images from any valid CA certificate address, I would like to restrict HTTPSBoot to allow only downloads from some specific domain I have.
> 
> Probably filtering some information, CN or something like that, from the url certificate.
> 
> What is the best way to do that?
> In which driver/library should this logic be added?
> 
> Thanks
> Rafael
>