Re: [edk2-devel] How to restrict HTTPS boot to a single address

["Sivaraman Nainar" <sivaramann@ami.com>]

[-- Attachment #1: Type: text/plain, Size: 1684 bytes --]

Hello Rafael.

HttpBootCheckUriScheme() in HttpBootDxe\HttpBootSupport.c should be the right place to filter the URI.

Please give a try.

-Siva
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Rafael Machado via groups.io
Sent: Friday, August 26, 2022 7:46 PM
To: devel@edk2.groups.io
Subject: [EXTERNAL] [edk2-devel] How to restrict HTTPS boot to a single address


**CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.**
Hello everyone.

Quick question for the ones that understand better the HTTPBoot architecture at the edk2 structure.

Suppose I have to restrict HTTPS boot to accept only the download of images from a specific url.
For example, instead of allowing the download of images from any valid CA certificate address, I would like to restrict HTTPSBoot to allow only downloads from some specific domain I have.

Probably filtering some information, CN or something like that, from the url certificate.

What is the best way to do that?
In which driver/library should this logic be added?

Thanks
Rafael

-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.

[-- Attachment #2: Type: text/html, Size: 5077 bytes --]