There are no such things as purchase arguments. Buy an Apple product and see what i mean. They only acknowledge there is an issue until the news papers the courts take over the issue. Actually it is the other way around, most of the time you will accept a EULA without reading that states “we are not resposible for any damage that may be caused” for most of the software you use every day.
Sorry but even if you use SHA256, if the main server is comprimised, the attacker can replace firmware and update the checksum values. Using a different checksum algorithm does not help with that. Also, unlike other vendors, GL uses open source firmware. Anyone can download the code, check it, audit it and then compile and flash it. There is no need for a lot of checks. You can see an example here:
You also should know that if a router is comprimised from inside a network, the check code can be replaced and firmware flashed. The only fix is to use Secure Boot like new pc’s have, but that is not implemented in any router apart from high end Cisco ones.
You can also check here: