https://devzone.nordicsemi.com/f/nordic-q-a/105006/mcuboot---firmware-signature-looks-different-at-each-buildHi, We are developing on an NRF9160 using the NRF Connect SDK v1.6.1. (The project started two years earlier). We have set up a CI to ensure the integrity of the generated firmwares. We use MCUBoot (v1.7.99) as a bootloader and we noticed that twoen-USTelligent Community 13Fri, 27 Oct 2023 13:17:28 GMThttps://devzone.nordicsemi.com/thread/452797?ContentTypeID=1Fri, 27 Oct 2023 13:17:28 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0f1b132f-7619-4011-b1a5-30b6adbe0b0bAmanda Hsieh<p>Good to hear it works.&nbsp;</p> <p>-Amanda H.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/452706?ContentTypeID=1Fri, 27 Oct 2023 06:22:39 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d9b2858d-9bcf-4992-86ae-aa596ffec841Benjamin V.<p>Thank you for your response and promptness.</p> <p>Indeed, what you said makes sense.</p> <p>I just checked the <code>app_to_sign.bin</code> files and they are indeed identical.</p> <p>I just ran <code>imgtool verify --key &lt;key.pem&gt; app_update.bin</code> on my two builds and both returned the same thing.<br /><br /><pre class="ui-code" data-mode="text">imgtool verify --key &lt;key.pem&gt; build/zephyr/app_update.bin Image was correctly validated Image version: 1.12.0+0 Image digest: 8f1d53663ec5c[...]836fb96bfc</pre></p> <p>Thanks again and have a great day,</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/452612?ContentTypeID=1Thu, 26 Oct 2023 13:34:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9cbaacfb-e427-4dac-9f3d-467535d086adAmanda Hsieh<p>Hi,&nbsp;</p> <p><span><span dir="ltr">The signature schemes are non-deterministic, so this is to be expected.</span></span></p> <p>Given the signature is non-deterministic, one way to ensure two builds have created the same firmware is to do these two steps:</p> <p>1. strip the signature and hash before comparing the firmware itself.</p> <p>2. use the <code>imgtool verify</code> command to check that the signature of both images can be verified with the same key.</p> <p>Regards,<br />Amanda H.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/452421?ContentTypeID=1Thu, 26 Oct 2023 06:56:43 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f70652c3-9682-4190-b4e9-b15a4f5273f5Benjamin V.<p>Thanks for your&nbsp;investigations on my issue.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/452365?ContentTypeID=1Wed, 25 Oct 2023 19:03:10 GMT137ad170-7792-4731-bb38-c0d22fbe4515:06a9bf80-3019-4abd-8831-7958ed517439Amanda Hsieh<p>Hi,&nbsp;</p> <p>I am working on this case and will update it later.&nbsp;</p> <p>Regards,<br />Amanda H.</p><div style="clear:both;"></div>