However, what about vulnerabilities within the firmware itself? There could be malformed sata commands, magic bit sequences, etc. that could very well allow new code to be placed on the platters and hidden from the host OS. Or data to be ferreted away for later retrieval.
So an immutable firmware would close one more door, but there are possibly so many more open.
To me, there is nothing that can mitigate these sorts of risks, barring not using machines. Sometimes, even as a systems software engineer myself, a Frank Herbert Dune-esque future seems positively alluring.
Which is why I am a firm advocate of open source software (though finding ASM level programmers to survey it is probably getting pretty hard to do :) One can then predict such vulnerabilities and repair them, with many, many more eyes... It keeps everybody legit. That is the primary reason a nix OS is so much more bullet-proof. Too many people to bribe and too hard to sneak malicious code past many sharp-eyed goalies.
So an immutable firmware would close one more door, but there are possibly so many more open.
But closing what you can is necessarily better than what came before.
Dune-esque future seems positively alluring.
Meh. too much sand and no clearwater streams... not for this mountain boy. ; )