Resolved! Deceptive default behavior from cert_create and fiptool bbclass.
https://github.com/STMicroelectronics/meta-st-stm32mp/blob/kirkstone/classes/fip-utils-stm32mp.bbclassFIP_SIGN_KEY is used to specify the rot key.But if that key is not found (wrong path for example),the bbclass and cert_create silently creates a new...