I think add file sha256 to GetInfo response will be better.
so that it can be verified after firmware has been download.
crc64 in file name is out of fashion.
This might be challenging to implement because SHA-256 may be too slow to compute for a large file to keep up with the timing constraints imposed by the service call. We used to have a CRC field in the v0 counterpart of this service that was removed for the same reason.
The preferred alternative is to keep the hash in a separate file, which is common practice with FTP servers on the Internet: