We're running an application within a Windows Docker container. This application calls SignerSignEx2 to add an Authenticode signature to a file. If we use SHA1 as the hashing algorithm, everything works just fine; however, if we use SHA256, it fails with 0xC0000225. If we execute the very same application outside of the container, it works with SHA256 as well.
It also works if we use the Microsoft Enhanced RSA and AES Cryptographic Provider CSP, so it is a problem with the Luna enhanced RSA and AES provider for Microsoft Windows CSP we're trying to use for our HSM (Hardware Security Module).
Note: it isn't an implementation problem; we run into the same problem when using signtool.exe within the container.