Best way to validate a WinCE OS image (.bin) file?

We have a Windows CE 6.0 based product that allows for firmware 开发者_开发知识库upgrades through a web interface. I want to perform a sanity check on the new firmware image to be sure that it is valid. How should I perform the validation?

I see in the BIOSLOADER code, there is support code for decoding a BIN file. I suppose I could massage that to perform the validation. Is there a better way?

Thanks!

The safest way is to wrap the firmware blob in a container format which supports some form of public key signatures.