[edk2-devel] How to restrict HTTPS boot to a single address
Andrew Fish via groups.io
afish=apple.com at groups.io
Fri Aug 26 16:02:57 UTC 2022
Rafael,
I’m not sure this matches exactly what you are looking for, but the OVMF (Virtual Machine) has some configuration options around HTTPS boot [1]. That might be a good place to start.
[1] https://github.com/tianocore/edk2/blob/master/OvmfPkg/README#L232
Thanks,
Andrew Fish
> On Aug 26, 2022, at 7:15 AM, Rafael Machado <rafaelrodrigues.machado at gmail.com> wrote:
>
> Hello everyone.
>
> Quick question for the ones that understand better the HTTPBoot architecture at the edk2 structure.
>
> Suppose I have to restrict HTTPS boot to accept only the download of images from a specific url.
> For example, instead of allowing the download of images from any valid CA certificate address, I would like to restrict HTTPSBoot to allow only downloads from some specific domain I have.
>
> Probably filtering some information, CN or something like that, from the url certificate.
>
> What is the best way to do that?
> In which driver/library should this logic be added?
>
> Thanks
> Rafael
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92869): https://edk2.groups.io/g/devel/message/92869
Mute This Topic: https://groups.io/mt/93270616/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/edk2-devel-archive/attachments/20220826/7d64c1dd/attachment.htm>
More information about the edk2-devel-archive
mailing list