It's never going to be 100% guaranteed secure, but it depends on if you're trying to stop 99.99% of users or 99.9999999% I suppose : )
I guess you're planning to pass some random values and expect the other side to hash it with some other content, send it back, and then compare the result with your own local hash? It means you need to have a very good random number scheme, so you need to consider that too, not just SHA-256. The procedure is essentially 'HTTP Digest' equivalent if you want to do some research on it. It's not perfect but secure enough unless you're apple (their annoying chips in their iPod video cables uses full-blown certificate based authentication as far as I can figure out, before I ditched apple products).
I don't know about SHA-256, but definitely for a fewer-bit version (SHA-1) you can find example C source code in an RFC doc if you google it. The C code may not be ideal for a microcontroller (I've not checked) but it's a good start, to be able to adapt it.
Since it's never going to be 100% secure, I'd suggest maybe a far simpler scheme is sufficient, to lock out 99.9% of users, e.g. just some stream of bytes, maybe a simple rolling code if you really want. Needs hardly any memory.
(Bear in mind people have cracked DVD, blu-ray etc, not that I know how..).