
The code at the entry point needs to be small, reliable and never require an upgrade in the field. This code would run a CRC on the primary U-Boot image.
The code at the entry point that is small, reliable and never requires an upgrade in the field is U-Boot. Just don't touch it. You don't have to.
...insert bullet, spin cylinder, point at foot, pull trigger...
Hopefully, we will never need to update. But if we do, it'd be nice to be able to reduce the risk of updating as much as possible.
What you typically do (assuming the hardware supports it) is to have two banks of flash memory that can be swapped using some jumper or switch or so.
When it costs a grand just to have a service tech walk in the door, this becomes an unacceptable option.
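Putting the two earlier ideas together (a tiny entry-point stage that CRCs the primary image, and a second bank to fall back on) gives a software fallback that needs no jumper and no service call: the immutable first stage checks the primary slot, then the secondary, and only boots a slot whose header and CRC verify. The C below is an added illustration written for this thread, not code from U-Boot or from any poster; the slot layout (4-byte magic, little-endian length, CRC-32 of the payload, then the payload), the 64-byte slot size and the payload bytes are all constructed for the example. Note that CRC-32 only catches accidental corruption such as a power cut mid-write; it does not detect deliberate tampering, for which the first stage would need to verify a signature instead.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SLOT_SIZE 64                 /* constructed: a tiny "flash bank" for the demo */
#define HDR_SIZE  12                 /* magic + length + crc */
#define HDR_MAGIC 0x31544255u        /* "UBT1" as little-endian u32, constructed */

/* Standard CRC-32 (IEEE 802.3, reflected, poly 0xEDB88320), table-less so it
 * fits in a first stage that must stay small. crc32_ieee("123456789") == 0xCBF43926. */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Write a slot image (header + payload) the way an updater would. 0 on success. */
int make_slot(uint8_t slot[SLOT_SIZE], const uint8_t *payload, size_t len) {
    if (len > SLOT_SIZE - HDR_SIZE) return -1;   /* payload does not fit the bank */
    memset(slot, 0xFF, SLOT_SIZE);               /* erased flash reads back as 0xFF */
    wr32(slot, HDR_MAGIC);
    wr32(slot + 4, (uint32_t)len);
    wr32(slot + 8, crc32_ieee(payload, len));
    memcpy(slot + HDR_SIZE, payload, len);
    return 0;
}

/* First-stage check of one slot: magic, sane length, then CRC over the payload.
 * The length is bounded BEFORE the CRC runs so a half-erased header (0xFF...)
 * can never make the loader read past the bank. Returns 1 if bootable. */
int slot_valid(const uint8_t slot[SLOT_SIZE]) {
    if (rd32(slot) != HDR_MAGIC) return 0;
    uint32_t len = rd32(slot + 4);
    if (len > SLOT_SIZE - HDR_SIZE) return 0;
    return crc32_ieee(slot + HDR_SIZE, len) == rd32(slot + 8);
}

/* Boot decision: primary first, then each fallback in order.
 * Returns the slot index to jump to, or -1 meaning halt / enter recovery. */
int select_boot_slot(const uint8_t *slots[], int nslots) {
    for (int i = 0; i < nslots; i++)
        if (slot_valid(slots[i])) return i;
    return -1;
}

/* Scenario helper: build a primary and a fallback bank from the same constructed
 * payload, optionally corrupt them, and return what the first stage would pick. */
int scenario(int corrupt_primary, int corrupt_fallback) {
    static uint8_t primary[SLOT_SIZE], fallback[SLOT_SIZE];
    const uint8_t payload[] = "U-Boot image payload (constructed)";
    make_slot(primary, payload, sizeof payload);
    make_slot(fallback, payload, sizeof payload);
    if (corrupt_primary)  primary[20] ^= 0x01;   /* one flipped payload bit, e.g. interrupted write */
    if (corrupt_fallback) fallback[4] = 0xFF;    /* length field half-erased: bounds check must catch it */
    const uint8_t *slots[2] = { primary, fallback };
    return select_boot_slot(slots, 2);
}

int main(void) {
    printf("both banks good        -> boot slot %d\n", scenario(0, 0));
    printf("primary corrupted      -> boot slot %d\n", scenario(1, 0));
    printf("both banks corrupted   -> boot slot %d (recovery)\n", scenario(1, 1));
    return 0;
}
```

The field update procedure this enables: always write the new U-Boot into the bank that is not currently selected, then let the first stage pick on the next reset. A power cut during the write leaves a bank that fails its CRC, and the loader simply keeps booting the old one, which is the risk reduction asked for above without anyone touching a jumper.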