by the8472 1159 days ago
It's about the continued leverage they have by holding the key after you bought the CPU. They could be forced by secret court to sign backdoored firmware. And of course you can't load your own firmware, only whatever they release and sign. If they're generous they'll release a stripped-down version, sure, but that's still their choice, not yours.
1 comments

So, uh, don't update the firmware? There's no need for them to backdoor the CPU via the PSP when they could just do it via a microcode update.
Backdoored firmware isn't about updates. It's about rootkit or evil maid attacks that install backdoored firmware that has been signed by the vendor. If you're using your own trust root then a 3rd party can't create a signature, even under duress. Thus there would be less of an incentive to pressure the vendor.

Updates are a separate concern since you'll want them for bugfixes. So they should be reviewable, open source. And then you check the vendor's signature and replace it with your own if you want. At least that's how things should work.
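The flow the comment describes (verify the vendor's signature, then replace it with the owner's own so the device trusts only the owner's root), as an added example that is not part of the thread. It uses Go's standard-library Ed25519; the `Image` type, the `Accept`/`Adopt` functions and the firmware payload are constructed for illustration, not any vendor's real format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Image is a constructed firmware image: payload plus the signature the
// device's trust root must accept. Real images carry more metadata.
type Image struct {
	Payload []byte
	Sig     []byte
}

// ErrUntrusted is returned when the image is not signed by the trusted root.
var ErrUntrusted = errors.New("firmware image not signed by trusted root")

// Accept mimics a boot ROM that trusts exactly one public key (the owner's root).
func Accept(root ed25519.PublicKey, img Image) error {
	if !ed25519.Verify(root, img.Payload, img.Sig) {
		return ErrUntrusted
	}
	return nil
}

// Adopt is the owner-side step: check the vendor's signature on an update,
// then replace it with the owner's own signature so a device that trusts
// only the owner's key will accept it. An update the vendor did not sign
// (or that was altered afterwards) is refused and never re-signed.
func Adopt(vendorPub ed25519.PublicKey, ownerPriv ed25519.PrivateKey, update Image) (Image, error) {
	if !ed25519.Verify(vendorPub, update.Payload, update.Sig) {
		return Image{}, errors.New("vendor signature invalid; refusing to re-sign")
	}
	return Image{Payload: update.Payload, Sig: ed25519.Sign(ownerPriv, update.Payload)}, nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)

	payload := []byte("constructed firmware payload v1.2") // sample input, not a real image
	vendorSigned := Image{Payload: payload, Sig: ed25519.Sign(vendorPrivKey(vendorPriv), payload)}

	// Under the owner's root, a vendor-only signature is rejected even on a genuine
	// release: nobody but the owner can produce a signature the device accepts.
	fmt.Println("vendor-only image accepted by owner root:", Accept(ownerPub, vendorSigned) == nil)

	// After review the owner verifies and counter-signs; now the device accepts it.
	owned, err := Adopt(vendorPub, ownerPriv, vendorSigned)
	fmt.Println("adopted image accepted:", err == nil && Accept(ownerPub, owned) == nil)
}

// vendorPrivKey is an identity helper kept so the signing call reads clearly.
func vendorPrivKey(k ed25519.PrivateKey) ed25519.PrivateKey { return k }
```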