If you haven't updated yet, here is how I would do it:
- generate a new RSA keypair
- patch UsbUpdater with the new public key (so it involves no code patching)
- replace UsbUpdater in cramfs.Fsk
- sign both cramfs.Fsk and cramfs.Rootfs using the new private key and insert results in checksum
- run the update