BR BCT Signing and Hash Compression

The data section in BR BCT is hashed using SHA512, and the hash digest is stored just after the 4-byte header magic at the start of BR BCT. BR uses the digest to verify BR BCT integrity before passing it to PSC-ROM for separate public-key authentication.

During boot the hash value is computed and compared with the stored value. If the update tool does not find a matching stored value, or if it finds that no value is present, the tool stores the computed value.