AMD (and Intel and everyone else) processors already have an HSM inside for confidential computing so use that? I would hope the HSM isn't as badly implemented as this update mechanism, but then again ...
AMD Software Engineers giving AMD Stupid Gaming Accessory Software Engineers access to a signing system backed by PSP seems like a much worse outcome than trusting HTTPS, really. Like, there are definitely intelligent and secure ways to do this, but this one in particular is overkill with a huge blast radius when it is (invariably) done incorrectly.
Confidential computing is a whole thing with a key in each processor and a chain of trust and a way to remotely attest that your software is running in a secure enclave. All the vendors do it differently (sadly) but it's very much a solved problem.
There was a time when RDRAND on Zen gave all zeroes, or something, so eh...
I'm happy enough with TLS introduced: knowing the server I'm reaching for updates is actually 'amd.com'. Signatures would be nice, sure, but I wouldn't consider them nearly as critical or useful until now. Before we get too caught up in signatures, however, I'd like to see their new/improved updater actually take precedence.
As things stand, I'm not sure key rotation would go well... the updater doesn't mind itself, apparently.