Not all of the functionality is in the firmware though. You can put stuff in the silicon itself that allows backdoors.

It's very difficult to inspect a laid out chip for nefarious elements - there's too much of it to do manually. Having a secure supply chain is probably the best way to prevent that happening.

Which is not to say that I support this rule - it sounds like another import weapon trump can swing against people who aren't his friends.