It seems like there's a mistake in the diagram. The "notary → mirror" arrow should be replaced with a "notary → go command" one, because the go command shouldn't trust the mirror when it comes to cryptographic hashes.
I think the mirror can pass through the public signature provided by the notary. That cannot be spoofed if you have a trust chain for the notary to ensure the mirror has not tampered with the module.
