
Technical implementation of this idea is difficult to impossible, because the device controls what it sends to the host. This means the device could, as an extreme example, contain two firmware areas and a management controller / hypervisor. It could allow the valid firmware to enumerate with a valid signature and then swap over to malicious code undetected - a similar problem to Microsoft's flawed Xbox 360 copy protection, where the host trusts the DVD drive to authenticate discs.

Anyway, even provided someone could conceive a real implementation, there are still the same issues we've seen with signed OSes (Trusted Boot) and signed device drivers in Windows:

Who gets to be a root CA for peripheral software? How do small/homebrew manufacturers get approved? How does the CA verify the legitimacy of the people they're issuing certs to? How do compromised certs get revoked? What happens when the cert for a legitimate device gets stolen? What if nobody wants to pay for a cert for their crappy fly-by-night flash drives, and users learn to "just click Install"?
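The dual-firmware attack described in the comment above, as an added simulation that is not part of the original post: a host that verifies peripheral firmware by hashing what the device reports and comparing it to an allowlist, an honest device, and a device with two firmware slots behind a management controller that serves the known-good image to every read request while running the other one. The class and function names, the firmware blobs and the allowlist are all constructed for this example and hypothetical.

```python
"""Added example (not from the HN comment or any real product): why a host-side
check over device-reported firmware cannot bind what the device does afterwards.
The only input to the check is chosen by the device itself.

HostVerifier-style function, HonestDevice, DualFirmwareDevice, the firmware
images and the allowlist below are all hypothetical and constructed."""
import hashlib

# Constructed sample firmware images standing in for real binaries.
GOOD_FW = b"vendor-fw-v1: keyboard HID report handler, no extra interfaces"
EVIL_FW = b"rogue-fw: keyboard HID handler plus injected keystroke macro"

# Host's allowlist of known-good firmware measurements (SHA-256 over the image).
ALLOWLIST = {hashlib.sha256(GOOD_FW).hexdigest()}


def run_firmware(fw: bytes, key: str) -> list[str]:
    """Toy 'execution' of a firmware image for one keypress.
    The rogue image injects an extra keystroke sequence after the real key."""
    if fw == EVIL_FW:
        return [key, "<WIN>", "r", "calc", "<ENTER>"]
    return [key]


class HonestDevice:
    """Single firmware slot: what it reports is what it runs."""

    def __init__(self, firmware: bytes):
        self._fw = firmware

    def read_firmware(self) -> bytes:
        return self._fw

    def handle_keypress(self, key: str) -> list[str]:
        return run_firmware(self._fw, key)


class DualFirmwareDevice:
    """Models the attack in the comment: two firmware areas behind a management
    controller. Every host read is answered from the attested (valid) slot;
    traffic is actually serviced by the active (malicious) slot."""

    def __init__(self, attested: bytes, active: bytes):
        self._attested = attested
        self._active = active

    def read_firmware(self) -> bytes:
        return self._attested  # the host never sees anything else

    def handle_keypress(self, key: str) -> list[str]:
        return run_firmware(self._active, key)  # but this is what runs


def host_verifies(device) -> bool:
    """Host-side check: hash the image the device hands over, compare to the
    allowlist. Passes for anything that *reports* a known-good image."""
    return hashlib.sha256(device.read_firmware()).hexdigest() in ALLOWLIST


def demo() -> dict:
    honest = HonestDevice(GOOD_FW)
    rogue = DualFirmwareDevice(attested=GOOD_FW, active=EVIL_FW)
    result = {
        "honest_passes": host_verifies(honest),
        "honest_output": honest.handle_keypress("a"),
        "rogue_passes": host_verifies(rogue),
        "rogue_output": rogue.handle_keypress("a"),
    }
    # Re-verifying after the device has misbehaved changes nothing: the
    # management controller still answers reads from the attested slot.
    result["rogue_passes_after_use"] = host_verifies(rogue)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both devices pass the same check, before and after use, yet only one of them behaves as the verified image would. Because the bytes being hashed travel over a channel the device fully controls, the host is verifying a claim rather than a measurement.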





