Hello there,
I am guessing that you refer to EU legislation.
So the way it works for EU is if you voluntarily claim compliance to this 62304 than you benefit from the pre-assumption of compliance to the essential requirements of the MDD, only to those are defined in the corrigendum of 62304. On the other hand you need to apply the measures given in 62304 of course where appropriate to your product life-cycle.
GAMP5 is another angle on the subject of how to validate in general software used in pharmaceutical industry. So GAMP has no direct relation to the MDD, and is more like a certain way to address the requirements given for manufacturing and service provisioning related software used by the manufacturer in ISO13485. Such a huge difference!
I think if you are the manufacturer and you incorporate that bit that includes the firmware, all you have to do to apply the measures given in 62304, or in case you have not claimed voluntarily compliance to 62304 than you need to set your way to determine how to comply with the essential requirements in the scope of the firmware.
From 62304 perspective, if you are the manufacturer and that bit of firmware comming in, that is more like a SOUP for me, however there could be certian business and supplier relationship kind of situation when you still could consider it as a non-SOUP in case you somehow ensure design control till the extent of your need over their development activities.
That's me, hope it helps.
Cheers!