You need more than a hash.
If you just do a hash, you have no guarantee of integrity of the data as I can tweak it and run the hashing algorithm again and you'd have no idea I've done it.
You need a cryptographic hash, something along the lines of a HMAC-SHA256 (although that requires symmetric keys which could be problematic for public verification). What I'd do is implement a public / private key signing pair (Garmin could publish their public key for their devices which would allow anyone to verify that the signed file is valid but unless you crack Garmin's private key no one could tamper with it) signature system. ECDSA would be a good choice as it's pretty robust. RSA would also be a good choice (and probably better for a Garmin as it's easier (read cheaper) to accelerate in hardware).
If you just do a hash, you have no guarantee of integrity of the data as I can tweak it and run the hashing algorithm again and you'd have no idea I've done it.
You need a cryptographic hash, something along the lines of a HMAC-SHA256 (although that requires symmetric keys which could be problematic for public verification). What I'd do is implement a public / private key signing pair (Garmin could publish their public key for their devices which would allow anyone to verify that the signed file is valid but unless you crack Garmin's private key no one could tamper with it) signature system. ECDSA would be a good choice as it's pretty robust. RSA would also be a good choice (and probably better for a Garmin as it's easier (read cheaper) to accelerate in hardware).