Updating the domain name the server talks to, updating the security system (like supporting new versions of TLS, updating certificates, etc).

TBH, I wouldn't trust a custom hardware chip that can decrypt the traffic and have it last for the life of the product.