
I honestly don't see why the CPUs couldn't, from the factory, contain a public key from AMD, and from there AMD issues certificates to firmware vendors to sign their firmware with. This would allow the CPU to 'verify' the certificate chain of the firmware that is being used without locking it to a specific vendor. This decreases security a little because the leakage of a single signing certificate means you can load malicious firmware on any device, but it seems like it's much more consumer friendly.
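As an added example, not code from the comment above and not anything AMD ships, here is the two-level chain the commenter describes, modelled in Go with the standard library's Ed25519: a root key whose public half stands in for the key burned into the CPU at the factory, a per-vendor certificate the root issues, and a boot-time check that walks root -> vendor -> firmware image. The vendor name, the minimal certificate format (name plus public key plus root signature, rather than X.509) and the firmware bytes are all constructed for the example. It also adds a revocation set, which is the usual mitigation for the leaked-key downside the comment points out: the CPU keeps the root key, and the root withdraws trust from one vendor key without affecting the others.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// VendorCert is a minimal stand-in for a certificate the CPU vendor's root
// issues to a firmware vendor: the vendor's public key plus the root's
// signature over (name || key). Real deployments would use X.509; the shape
// of the verification is the same.
type VendorCert struct {
	Name      string
	PublicKey ed25519.PublicKey
	RootSig   []byte
}

// SignedFirmware bundles an image with the vendor cert and the vendor's
// signature over the image bytes.
type SignedFirmware struct {
	Image     []byte
	Cert      VendorCert
	VendorSig []byte
}

// certTBS is the "to be signed" encoding of a vendor cert (constructed format).
func certTBS(name string, pub ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), pub...)
}

// IssueVendorCert is what the root does once per firmware vendor.
func IssueVendorCert(rootPriv ed25519.PrivateKey, name string, vendorPub ed25519.PublicKey) VendorCert {
	return VendorCert{Name: name, PublicKey: vendorPub, RootSig: ed25519.Sign(rootPriv, certTBS(name, vendorPub))}
}

// SignFirmware is what a firmware vendor does per image.
func SignFirmware(vendorPriv ed25519.PrivateKey, cert VendorCert, image []byte) SignedFirmware {
	return SignedFirmware{Image: image, Cert: cert, VendorSig: ed25519.Sign(vendorPriv, image)}
}

// VerifyFirmware is the check the CPU would run at boot holding only rootPub.
// revoked holds vendor public keys (as strings) the root has withdrawn trust
// from; a nil map means nothing is revoked.
func VerifyFirmware(rootPub ed25519.PublicKey, fw SignedFirmware, revoked map[string]bool) error {
	if len(fw.Cert.PublicKey) != ed25519.PublicKeySize {
		return fmt.Errorf("malformed vendor key in certificate")
	}
	// Step 1: the vendor cert must chain to the factory root key.
	if !ed25519.Verify(rootPub, certTBS(fw.Cert.Name, fw.Cert.PublicKey), fw.Cert.RootSig) {
		return fmt.Errorf("vendor certificate not issued by root")
	}
	// Step 2: a leaked vendor key is contained by revoking that one cert.
	if revoked[string(fw.Cert.PublicKey)] {
		return fmt.Errorf("vendor certificate revoked")
	}
	// Step 3: the image must be signed by the key the cert vouches for.
	if !ed25519.Verify(fw.Cert.PublicKey, fw.Image, fw.VendorSig) {
		return fmt.Errorf("firmware signature invalid")
	}
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario runs the chain end to end and reports which cases verify.
func Scenario() map[string]bool {
	rootPub, rootPriv := mustKey()     // rootPub is what the CPU would carry from the factory
	vendorPub, vendorPriv := mustKey() // a legitimate firmware vendor (constructed)
	cert := IssueVendorCert(rootPriv, "ExampleVendor", vendorPub)
	image := []byte("constructed firmware image v1.0")
	ok := func(fw SignedFirmware, revoked map[string]bool) bool {
		return VerifyFirmware(rootPub, fw, revoked) == nil
	}
	results := map[string]bool{}

	genuine := SignFirmware(vendorPriv, cert, image)
	results["genuine"] = ok(genuine, nil)

	// Same cert and signature, one flipped byte in the image.
	tampered := genuine
	tampered.Image = append([]byte{}, image...)
	tampered.Image[0] ^= 0xff
	results["tampered"] = ok(tampered, nil)

	// A self-issued cert from a key the root never signed: fails at step 1.
	roguePub, roguePriv := mustKey()
	_, rogueRootPriv := mustKey()
	rogueCert := IssueVendorCert(rogueRootPriv, "RogueVendor", roguePub)
	results["rogue_vendor"] = ok(SignFirmware(roguePriv, rogueCert, image), nil)

	// The genuine cert after the root has revoked that vendor key: fails at step 2.
	results["revoked"] = ok(genuine, map[string]bool{string(vendorPub): true})
	return results
}

func main() {
	for name, passed := range Scenario() {
		fmt.Printf("%-13s verified=%v\n", name, passed)
	}
}
```

The CPU never needs the vendor's key ahead of time, which is the "not locked to one vendor" property the comment wants; the cost is exactly the one it names, since any valid vendor key can sign any image, so revocation (and in practice short-lived or per-product vendor certs) is what limits the blast radius of a leak.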



