Wondering what possible risks there are aside from those which are internal to blockstream itself when using this tool here:

https://jadefw.blockstream.com/upgrade/fwupgrade.html

For example, is there a way for a bad actor to somehow fake this web address and cause users who are on this page:

https://help.blockstream.com/hc/en-us/articles/4408030503577-Upgrade-Jade-firmware

to be directed to a page that is supposed to be the genuine update page here:

https://jadefw.blockstream.com/upgrade/fwupgrade.html

but rather is a malicious page that will inject malicious firmware code into the hardware unit?

Additionally, what are the best practices to determine the authenticity of this page in the first place?

https://help.blockstream.com/hc/en-us/articles/4408030503577-Upgrade-Jade-firmware

Would it be sufficient to contact Jade support and ask for confirmation this is the correct and authentic web address?

I ask all of this because the instructions here on verifying the download for Green here do not provide enough detail for me to carry out a verification operation:

https://help.blockstream.com/hc/en-us/articles/900002174043-How-do-I-verify-the-Blockstream-Green-binaries

I tried downloading gpg4win and following instructions found in a video by BTC Sessions, but there are 2 files in the video that are not included in the release from Blockstream, so I don't know how to proceed.

I've asked blockstream for more detailed instructions, but haven't heard back yet since asking over 48hrs ago.

Any guidance is much appreciated!