
My understanding (which might be wrong, crypto is a complex topic and I am an amateur) is that homomorphic would hide the data being worked on from the algorithm working on it. Here we want to verify the (non-secret) algorithm has been approved (code signing) which we then run on non-secret data. I don't think homomorphic encryption can help with that since it's kind of a different problem.

The issue here, of the key holder leaking the key, also seems impossible to work around in general, since the requirements are: 1) there exists someone who can sign code. 2) that person cannot screw up (e.g. leak the key) and allow the wrong code to be signed. These are pretty contradictory requirements that no amount of crypto can fix. Ultimately it is a social problem not a technical one; there is no full technical definition of misusing a key. There are things that can help - like HSMs, splitting the key between multiple parties, having better methods of revoking and replacing compromised keys (hard without network access and an unwillingness to brick old devices). Not the same domain, but AACS is an interesting example of a system somewhat resilient to key compromise.



There's a good chance that I'm conflating some ideas here, but I think there might be a kernel of something that isn't completely useless.

I'm not sure if it's possible (given that there's overlap with public key/private key encryption it may be), but I think that if you could produce a homomorphic computer capable of plain text export, this would be a resolvable problem.



