You're assuming the CRC is supposed to *vouch* for the data.
The CRC can be there simply to vouch for the *transport* of a
datagram.
The packet routed to a particular interface is *supposed* to
conform to "version X" of an interface. There are different stubs
generated for different versions of EACH interface. The OCL for
the interface defines (and is used to check) the form of that
interface to that service/mechanism.

The parameters are checked on the client side -- why tie up the
transport medium with data that is inappropriate (redundant)
to THAT interface? Why tie up the server verifying that data?
The stub generator can perform all of those checks automatically
and CONSISTENTLY based on the OCL definition of that version
of that interface (because developers make mistakes).

So, at the instant you schedule the marshalled data for transmission,
you *know* the parameters are "appropriate" and compliant with
the constraints of THAT version of THAT interface.

Now, you have to ensure the packet doesn't get corrupted (altered) in
transmission. If it remains intact, then there is no need to check
the parameters on the server side.

NONE OF THE PARAMETERS... including the (implied) "interface version" field!

Yet, folks make mistakes. So, you want some additional reassurance
that this is at least intended for this version of the interface,
ESPECIALLY IF THAT CAN BE MADE AVAILABLE FOR ZERO COST (i.e., check
to see if the residual is 0xDEADBEEF instead of 0xB16B00B5).

Why burden the packet with a "protocol version" parameter?

So, use a version-specific CRC on the packet. If it fails, then
either the data in the packet has been corrupted (which could just
as easily have involved an embedded "interface version" parameter);
or the packet was formed with the wrong CRC.

If the CRC is correct FOR THAT VERSION OF THE PROTOCOL, then
why bother looking at a "protocol version" parameter? Would
you ALSO want to verify all the rest of the parameters?
You don't know if the parameters have been corrupted in a manner that
allows a packet intended for the correct interface to appear as correct.
What's your point?
Yes. You verify the correct interface at the client side -- where
it is invoked by the client and enforced in the OCL generated stub.
Thereafter, the server is concerned with corruption during transport
and the version specific CRC just gives another reassurance of
correct version without adding another cost.

[Imagine EVERY subroutine function call in your system having
such overhead. Would you want to push an "interface version"
onto the stack along with all of the arguments for that
subr/ftn? Or, would you just hope everything was intact?]
Salt just ensures that you can differentiate between functionally identical
values. I.e., in a CRC, it differentiates between the "0x0000" that CRC-1
generates from the "0x0000" that CRC-2 generates.

You don't see the parallel to ensuring that *my* use of "Passw0rd" is
encoded in a different manner than *your* use of "Passw0rd"?
<https://en.wikipedia.org/wiki/RMI>
<https://en.wikipedia.org/wiki/OCL>

Nothing magical with either term.
See above.
-----------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As you've admitted, it doesn't matter. So, why wouldn't I opt to have
an algorithm for THIS interface give me a result that is EXPECTED
for this protocol? What value picking "0"?
Of course it does! You don't KNOW what to expect -- unless you've identified
where the test is performed in the code and the result stored/checked. If
you assume the residual will be 0 and make an attempt to generate a new
checksum that yields 0 and it doesn't work FIRST TIME, then, by definition,
it is HARDER (more work is required -- even if not *conceptually* more
*difficult*).

*My* example use of the different salt is for a different purpose.
And, isn't meant as a deterrent to any developer/attacker but, rather,
simply to ensure the transmission of the packet is intact AND carries
some reassurance that it is in the correct format.
Do YOU really think we all design applications that run in PCs where some
CLOSED OS performs these tests in a manner that can't be subverted?
*WE* (tend to) write ALL the code in the products developed, here.
So, whether it's the POST WE wrote that is performing the test or
the loader WE wrote, it's still *our* program.

Yes, we ARE looking at our own security cards!

Manufacturers *try* to hide ("obscurity") details of these mechanisms
in an attempt to improve effective security. But, there's nothing
that makes these guarantees.

Give me the sources for Windows (Linux, *BSD, etc.) and I can
subvert all the state-of-the-art digital signing used to ensure
binaries aren't altered. Nothing *outside* the box is involved
so, by definition, everything I need has to reside *in* the box.

DataI/O was always paranoid about their software/firmware.
They rely on custom silicon to "protect" their investment.
But, use a COTS CPU to execute the code!

So, pull the MC68K out of its socket and plug in an emulator.
Capture the execution trace and you know exactly what the
instruction stream is/was -- despite it's encoding on the
distribution media.
It shows that the check was designed without consideration of how
it might be subverted. This is the most common flaw in all
security schemes -- failing to consider an attack/fault vector.

The vendor assumed no one would deliberately alter the test
procedure. That anyone running it would willingly sit through an
extra half hour of tests ALREADY KNOWN TO PASS instead of opting
to find a way to skip that (because the test designer only consider
"sell off" when designing the test and not *debug* and the test
platform didn't provide hooks to facilitate that, either!!)

I unplugged a cable between two pieces of equipment that I had
never seen before to subvert a security mechanism in a product.
Because the designers never considered the fact that someone
might do that!

Security is no different from any other "solution". You test
the divisor before a calculation because you reasonably expect to
encounter "unfortunate" values and don't want the operation to
fail.
The counterfeiter lost the lawsuit because he was unaware (obscurity)
of the hidden SECURITY measures in the product design. This proven
by his attempts to defeat the OBVIOUS ones!
No, that's *your* naive assumption of security. It's why such attempts
invariably fail; they are "drop dead" implementations that make it
clear to anyone trying to subvert that security that their
efforts have not (yet) succeeded.

The goal is to prevent the program/device from being used without
authorization/compensation. If it KILLS the user as a result of some
hidden feature, it has met its goal -- even if a draconian approach.
If it *pretends* to be doing what you want --- and then fails to
complete some later step -- it is similarly preventing unauthorized
use (and tying up a lot of your time, in the process).

If you want to ensure the image isn't *corrupt* (which could
lead to failures that could invite lawsuits, etc.), then you
are concerned with INTEGRITY.
Because it was a bad solution that was fairly obvious in its presence:
"I can't copy this disk! Let me buy Copy2PC..."

The same applies to most licensing schemes and other "tamper
detection" mechanisms.
If you;re selling check writing software and want to prevent
FlyByNight Accounting Software, Inc. from stealing your
product and reselling it as your own, a great way to prevent that
is to ensure THEIR copy of the product causes accounting errors
that are hard to notice. Their customers will (eventually)
complain that THEIR product is buggy. But, yours isn't!

If your goal is to track your checks accurately, you're
likely not going to want to wonder what yet-to-be-discovered
errors exist in the "books" that THEIR software has been
maintaining for you.

The original vendor has secured his product against tampering.
Yes! And it is considerably easier to subvert naive mechanisms
AND SHARE YOUR HACKS!
As is a CRC on a network packet. Without having to double-check the
contents of that packet after it has been verified on the sending side!
And who wrote THAT program? Where is it, physically? Is there some device
OUTSIDE of the device that you've built that securely performs these
checks?
A forum doesn't have to be "public". FUD can scare off real sales
even in the total absence of information (or knowledge).

Your goal should always be to produce a good product that does
what it claims to do. And, rely on the happiness of your
customers to directly (or indirectly) generate additional sales.

I've never "advertised" my services. I'm actually pretty hard to get
in touch with! Yet, clients never had a hard time finding me -- through
other clients who were happy with my work. As they likely weren't
direct competitors to the original clients, they had nothing to
fear (lose) from sharing me, as a resource.

Similarly, a customer making widgets that employ some feature of
your device likely has little to lose by sharing his (good or bad)
experiences with another POTENTIAL customer (making wodjets).
And, likely can benefit from the goodwill he receives from that
other customer as well as from *you* ("Thanks for recommending
us to him!"). And, ensures a continued demand for your products
so you continue to be available for HIS needs!
Do you really think that's the sole reason for all the "secrecy" and NDAs?
I've had to sit with gummit folks and sort out what parts of our technology
could LEGALLY be exported. Even to our partners in the UK! Some of it
makes sense ("Nothing goes to Libya!"). Some is bogus.

And, thinking that you can put up a wall that is impermeable is a joke.
Just like printing PGP in book form and selling books overseas.

Or, hiring someone who worked for Company X. Or, bribing someone
to make a photocopy of <whatever>.

But, this doesn't mean one should ENCOURAGE dissemination of things
that may have special security/economic value. "Delay" often has
as much value as "deter".

A friend who designed arcade pieces recounted how he was contacted by a guy
who had disassembled ~40KB of (hand-written) code in one of his products.
He had even uncovered latent bugs (!) in the code.

But, his efforts were so "late" that the product had long ago lost
commercial value. So, it may have been flattering that someone
would invest that much time in such an endeavor. But, little else.

Nowadays, tools would make that a trivial undertaking. And, the
possibility of easily enlisting others in the effort (without
resorting to clandestine channels). OTOH, projects are now
considerably larger (orders of magnitude). OToOH, much current
work in done in HLLs (so tools can recognize their code genrator
patterns) and with "standard" libraries; I can recognize a call to
printf without decompiling any 9of the code -- folks aren't
likely going to replace "%d" with "?b" just to obscure functionality!
But, if that's the only way to subvert the secrets of those locks,
then you only have to worry about keeping that security guard "happy".
You can change your production procedures without having to redesign your
product. You don't want to embrace a solution/technology that may soon/later
be subverted (e.g., SHA1) and have to redesign portions of your product
(which may already be deployed) to "fix".

IMO, this is the downside of modern cryptography -- if you have a product
with any significant lifespan and "exposure". You never know when the
next "uncrackable" algorithm will fall. And, when someone might opt to
marshall a community's resources to attack a particular implementation.

Attacks that used to be considered "nation-state scale" are quickly
becoming "big business scale" and even "network of workstations scale".
So, any implementation that *shares* a key across a product line
is vulnerable to the entire product line being compromised when/if
that key is disclosed/broken.

[I generate unique keys for each device on the customer's site
using a dedicated (physically secure) interface so even the manufacturer
doesn't know what they are. Crack one (possibly by physically attacking
the device and microprobing the die) and all you get it that one
device -- and whatever *its* role in the system may have been.]

It never occurred to me that for an N-bit checksum, you would sum
something other than N-bit "words" of the input data.

--
Grant

If you don't understand, you are making this far more complicated than it is. I don't know what to tell you. There are no other details that are relevant. Don't read into this, what is not there.
Why? What makes a CRC an "appropriate" choice. Normally, when I design something, I establish the requirements. What requirements are you assuming, that would make the CRC more desireable than a simple checksum?
What have I said that makes you think security is an issue??? I don't recall ever mentioning anything about security. Do you recall what I did say?
The fact that they are "simple and efficient" is not a reason to use them. I repeat, what are the requirements?
I suppose there is that possibility. But when people make claims about something being good or "better", without substantiation, there's not much to learn.

If you think a discussion of CRC calculations would be useful, why don't you open a thread and discuss them, instead of insisting they are the right solution to my problem, when you don't even know what the problem requirements are? It's all here in the thread. You only need to read, without projecting your opinions on the problem statement.

For the Bootloader, I keep the CRC right after the vectors.
I keep a copy of the vectors right after the CRC, and compare
the two vector tables.
This is to always know the location of the CRC.
You want more metadata like entry point and length, as well as text
information about the image. Putting things in a header means that
location is fixed.
There are a number of checks in my bootloader to ensure that the
information in the header makes sense.
In functional safety applications you regularily check the flash
contents and refuse to boot if there is a mismatch.

/Ulf