Hi, can someone help me in understanding why cst is generating 2 different hashes for the same input binary?
I'm using this input csf:
[Header]
Version = 4.2
Engine = DCP
Engine Configuration = 0
Certificate Format = x509
Signature Format = CMS
Hash Algorithm = sha256
[Install SRK]
File = "keys/SRK_1_2_3_4_table.bin"
Source Index = 0
[Install CSFK]
File = "crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
Certificate Format = x509
[Authenticate CSF]
[Install Key]
File = "crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
Verification Index = 0
Target Index = 2
[Authenticate Data]
Verification Index = 2
Engine = DCP
Engine Configuration = 0
Blocks = 0x60001000 0x1000 0x40 "test.bin",\
0x60002000 0x2000 0x40090 "test.bin"
[Set Engine]
Hash Algorithm = sha256
Engine = DCP
Engine Configuration = 0
[Unlock]
Engine = SNVS
Features = ZMK WRITE
with this command line invocation:
cst.exe -o out_csf.bin -i input.csf
the result from cst seems ok:
CSF Processed successfully and signed data available in out_csf.bin
But if I execute this process twice, the content of out_csf.bin is different.
I tried to debug this thing by using the program hab_csf_parser part of the cst package and analyzing the 2 generated out_csf.bin but the only different part is what follows the HAB_TAG_SIG 0xD8 which from my understanding is the signature itself. Am I doing something wrong here?
