So Trezor users were sent phishing emails at the beginning of April, which took users to a malicious site to download malicious firmware that would copy their seed.

What I don’t understand is, couldn’t Trezor firmware not allow any updates if the firmware isn’t properly signed?

That seems like a very easy solution to me, and a great security feature to have.