Depending on what the chip did, the CRC on a firmware image may not actually change. If the chip was just listening to the SPI lines to the BMC's load, it could just inject additional data into the stream. The flash chip on the board could be 100% legit, but the final image loaded on to the BMC might be malicious. Do you really CRC the entire BMC environment after boot, or just check the image when you go to update the BMC?