Page 16 :
Firmware images for specific devices are, by definition, vendor specific. It is therefore required that target addresses, record sizes, and all other information relative to supporting an upgrade are encapsulated within the firmware image file. It is the responsibility of the device manufacturer and the firmware developer to ensure that their devices can consume these encapsulated data. With the exception of the DFU file suffix, the content of the firmware image file is irrelevant to the host. The host simply slices the firmware image file into N pieces and sends them to the device by means of control-write operations on the default control endpoint.
Page 38 :
Any file to be downloaded must contain a DFU suffix. The purpose of the DFU suffix is to allow the operating system in general, and the DFU operator interface application in particular, to have a-priori knowledge of whether a firmware download is likely to complete correctly. In other words, these bytes allow the host software to detect and prevent attempts to download incompatible firmware.
In no case is the DFU suffix ever sent to the device. The host application verifies that the bytes occupying the ucDfuSignature field contain the specified values, and that the CRC over the file matches the dwCRC field. If these two criteria are passed, then the host can presume that the firmware upgrade file is intact. The host application then uses the DFU suffix data to perform appropriate validation and screening. During the Transfer phase, the contents of the file are sent, excluding the DFU suffix data.