From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) by mx.groups.io with SMTP id smtpd.web12.37332.1661523361784661126 for ; Fri, 26 Aug 2022 07:16:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=LdEsnshc; spf=pass (domain: gmail.com, ip: 209.85.208.50, mailfrom: rafaelrodrigues.machado@gmail.com) Received: by mail-ed1-f50.google.com with SMTP id 2so2302748edx.2 for ; Fri, 26 Aug 2022 07:16:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc; bh=UjhePb2PVxrlnQiChUj/uRHMS+mcgo1YZZDE7+P6EEw=; b=LdEsnshcw0u/hxZkqIuXi5yVSDeQm4iw67vrmSU8waFQHUIShgg6JGs3EF4iQd2X6q PnJwVSv6/H0oZS34dl6jXZoe6FiFnzB4ozfwxLwfI2MzqzADdULxB4qluILcztGSsxFa +swKmo1paBaeCGPr5Wm3hkROpI7FhHpuem+8z8ZR9U5n76pDE2evj2Su2fnL2MPsGrEo ItwLeZd/XBQtPojlc8nxI26ACkH9kaxmr3+x3JSuE10mVe3iJc7KOjIHgYARnagkiYOL 4rpX2vLZJL4NCG/dDNbbqBS59/ehc1QdNmihugVe3J/zQ2tH9EdfYRPVnIoFJrn9qX/7 8ENg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc; bh=UjhePb2PVxrlnQiChUj/uRHMS+mcgo1YZZDE7+P6EEw=; b=Br4sFhtcleO29Sw3dKd6dk/zCEEkNJtzPDMgjrAQ1tniZLTkEGjIDbqCXqERHpWbqy GTb1H5Y+e4jLpQlpXrsTOLpqFAHVJnNWnfuURCbh5EquG/guK2pZIWFRSVqMUk6YJzGu 0HBTx8v3LaHyfwlZm8d7FpyWKat232ExGAkOrJTtsXr4JTHix3Z0dgI5kjolA8NE0phQ NvZbCIXc7/LzvWnVQSj6qkcY54nF4V7shFRgTpetWr+W4+Bf9N6/6eAxF8kp48hoU1/r QkNHR9PmeNo+sd6oHM/WGK8FfxnxLIj2eAhsQq+YEI+boUbcm4rv1MRb/u8rbeBxZuTq DogA== X-Gm-Message-State: ACgBeo1Kmu12w910YcHFdEBD6MGuVZgSq3ZdHHWBvV8UNrr0l0+0Bk1w 3fMfu96AhhnqPO+d6A+xsJEVZzJwLJESObjZasigkSPh X-Google-Smtp-Source: AA6agR7IM50HGoj1oW7Afkbg/Oy8izkJ2R/1iPO5R+H14qBVN4j+m9uqNUjHg0ok+mC5/8W58TgnAiNHEW0HexuBkDI= X-Received: by 2002:a05:6402:3408:b0:43c:2dd3:d86b with SMTP id k8-20020a056402340800b0043c2dd3d86bmr7056783edc.108.1661523359601; Fri, 26 Aug 2022 07:15:59 -0700 (PDT) MIME-Version: 1.0 From: "Rafael Machado" Date: Fri, 26 Aug 2022 11:15:48 -0300 Message-ID: Subject: How to restrict HTTPS boot to a single address To: devel@edk2.groups.io Content-Type: multipart/alternative; boundary="000000000000a2981f05e7258d37" --000000000000a2981f05e7258d37 Content-Type: text/plain; charset="UTF-8" Hello everyone. Quick question for the ones that understand better the HTTPBoot architecture at the edk2 structure. Suppose I have to restrict HTTPS boot to accept only the download of images from a specific url. For example, instead of allowing the download of images from any valid CA certificate address, I would like to restrict HTTPSBoot to allow only downloads from some specific domain I have. Probably filtering some information, CN or something like that, from the url certificate. What is the best way to do that? In which driver/library should this logic be added? Thanks Rafael --000000000000a2981f05e7258d37 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello everyone.

Quick question for the = ones that understand better the HTTPBoot architecture at the edk2 structure= .

Suppose I have to restrict HTTPS boot to accept = only the download of images from a specific url.
For example, ins= tead of allowing the download of images from any valid CA certificate addre= ss, I would like to restrict HTTPSBoot to allow only downloads from some sp= ecific domain I have.

Probably filtering some info= rmation, CN or something like that, from the url certificate.
What is the best way to do that?
In which driver/libr= ary should this logic be added?

Thanks
R= afael
--000000000000a2981f05e7258d37--