PSP related "Ryzenfall" requires admin level access and vendor-signed malicious driver
Fallout requires admin level access and vendor-signed malicious driver
Chimera requires admin level access and vendor-signed malicious driver (also they claim that because some asmedia controllers have "bad firmware and software" (according to CTS Labs anyway), Promontory clearly has them too)
The claim isn't that the driver is malicious, just that a signed binary is part of the exploit. There are classes of attack that can exploit vulnerabilities like the loader authenticating a payload, but flaws in validation, check-once and switch, or loading to an area that can be modified can allow for a hostile payload to piggyback on the signed driver after the signature check. One of the PS3 hack variants did something similar, I think.
Some alternate possibilities are a compromised or negligent third party leaking their key, or a hacked PSP from the Masterkey exploit being able to leak out values that can be used in later ones. These seem so salacious that I would have expected them to be used to embarrass AMD further, particularly the latter. However, this doesn't seem necessary per the claims.
That there are security analysts with their names and places of work now firmly in the legal crosshairs if they willfully lied about seeing working POC for the exploits is what I think gives some sign this is more than just a hoax.
For AMD's Pro and EPYC lines, the excuse that you need admin rights is not good enough for the TPM and SEV elements of the platform, particularly since the PSP and southbridge allow for un-scannable and persistent exploit. A good chunk of that value-add is the idea that the hardware is supposed to be more resilient against compromised admins or hardware intercepted in transit.
A throwaway install can give someone admin rights, with persistence negating software wipes as a mitigation.