Conversely, I think events like this make things more secure. It highlights the danger of having a third party control what should be your keys.
For the sake of convenience we ended up with an inversion of control. There can still be a chain of trust. However, the owner of the machine should be the root of the chain, not the vendor/manufacturer. The vendor should sign their firmware and the owner should authorize that sig on the machine.