I'm including the sha512 files now because I'd rather that users actually verify it. The updater application's author rehosting releases being one major reason. I don't think he'd tamper with it, but better safe than sorry. Web servers get hijacked all the time. Thanks.
As I look more and more at HANS I realize I can't use it as-is, so no inbuilt solution for a while. Though on the topic of romfs redirects, etc -
@Steveice10 PR'd offsets for 11.0 FIRMs to BootNTR. If you build BootNTR from git you can use NTR with the latest native FIRM, it seems. I'd still strongly recommend against this due to it being effectively dead (BootNTR just gets NTR into memory.)