Backdoored firmware isn't about updates. It's about rootkit or evil maid attacks that install backdoored firmware that has been signed by the vendor. If you're using your own trust root then a 3rd party can't create a signature, even under duress. Thus there would be less of an incentive to pressure the vendor.
Updates are a separate concern since you'll want them for bugfixes. So they should be reviewable, open source. And then you check the vendor's signature and replace it with your own if you want. At least that's how things should work.
Updates are a separate concern since you'll want them for bugfixes. So they should be reviewable, open source. And then you check the vendor's signature and replace it with your own if you want. At least that's how things should work.