Quick question for the ones that understand better the HTTPBoot architecture at the edk2 structure.

Suppose I have to restrict HTTPS boot to accept only the download of images from a specific url.

For example, instead of allowing the download of images from any valid CA certificate address, I would like to restrict HTTPSBoot to allow only downloads from some specific domain I have.

Probably filtering some information, CN or something like that, from the url certificate.

What is the best way to do that?

In which driver/library should this logic be added?

Thanks

Rafael