This is a question in general regarding firmware. I always noticed that a firmware is typically "signed" by the devices parent company. For example the switches firmware is signed by Nintendo, the PSP's was signed by Sony and so forth. My question is what does that exactly mean and why is it so difficult to spoof a signature? I understand if no one wants to put forth the effort and answer but I've always wondered. I assume it has to do with encryption and what not.
You can also start by reading this older thread and see if it satisfies your curiosity enough (won't let me post this if I make it a URL...):
gbatemp.net/threads/ps3-psp-private-keys-released.272700/
It's good post to read, but it look like an ancient legacy. So I added talk more, and easier example with Ninty console.
[Wii era] - All kind of contents (Disc data, Firmware Update, other all wii shop download) encrypted/signatured with private-key that Ninty have, and can be decrypted with public-key that name as "common-key" which is inside of Wii hardware. and they discover the signature bug that called "Trucha Bug" that can sign the un-autherized contents. Once we get the key from hardware, It's easy to decrypt the contents. (but still you can't encrypt/sign the contents by your own unless you have a private key, and still we didn't know what the private key is until now) You just can download official contents(like firmware) from NUS* by your own (even if you don't have the console) and had a key, decrypt it, and understand it, and sign it. it's done.
I should say it SECURITY LEVEL 3.
NUS*: Nintendo Update Server
[3DS era] - Looks similar with wii era, but acutally there isn't 'common-key' that you could found inside of the console. Instead, they use the internal key function that called "key scrambler" when they needed. So if wants to decrypt the contents, you need console and to use the key scrambler previliage by take over the console kernel. Once you take over the console by using the exploit (usually savegame exploit), you can use the key function. And then you can decrypt the contents and signature feature patch. After few years later, someone found the BOOTROM bug, using an exploit now it looks everyone can easily take over their console. (Boot9strap/Firmhax). SECURITY LEVEL 2.
*: There is more complicate method when they update their security levels are going up other security still remain but I just say for easy one. So don't blame it.
[Switch era] - We maybe think this similar with other, BUT you even can't get contents directly from server. Because they need key/authentic to accept the download the from their server. (It's relate with TLS/SSL server protocol inside the console, and they change the server from 3DS era) So you can't get a firmware or digital content unless you have the console and previlige to use this feature. but we don't what is the key and we don't have previlage to use the console to take over. (basically Ninty block the savegame exploit method by using block to save share feature all of your switch game) So now you can't get decrypt the contentsor can't get anything unless you have the one of the above. And all cytography/security function is still unknown for now (few of them known but not all).
So you are now in here. SECURITY LEVEL 1.
EDIT: I'm not a expert in cytography/security and it can't be explaining all about their system, but that just easy explaining about Ninty console signature/cryptography. So don't blame it if it something wrong.