I've heard that Xbox used HSMs for the signing keys way back in the days of the original Xbox. I'm not sure why they'd have stopped.

And if Xbox was doing that 20 years ago, I'd expect Apple to be as well.

It'd make sense for Sony, but some of their approaches to software security have been lol inducing, so it wouldn't shock me if they aren't.