They should, indeed, but do they ? I mean, with huge volumes of data on small devices, isn't there some rationale at some point that could lead to limiting the verification ( to avoid too much resource consumption ) ?

Note that I have no idea on how much resources it consumes to perform checks on signature and hash computation