A write protect will not defend device firmware, at least not for something like a HDD. I know a former drive engineer, he told me that much of the firmware is actually on the disk, and extensible. He noted that most modern drives remap and move data from rough areas to good areas, all within the controller, transparent to the OS.
What this means, is that if someone knows how to hook the drive controller into code stored on disk, their software can install itself, then hide itself. Drives have had large ram caches for sometime, so probably pretty easy to whittle away a bit of that ram for some underhanded activity in the controller.
Basically there is no practical way for us end users and even engineers to control the entire chain. Many subsystems in the current pc have multiple teams working on just a single subsystem - and that is just the software side. One person to verify and vet all of the software would be impossible, not to mention the hardware itself.
So in digital systems, trust is a very flimsy concept, and it takes only a single line of code to open a hole. There are billions of lines of code in a PC.
Also, I have seen mention of “airgap” security. Wrong. No such thing exists. Modern cpus, gpus, controllers, etc are fast enough that they can create a radio transmitter out of the circuit board they are attach too. Just toggle a line rapidly, and you have a transmitter. Infect the target, have wet assets drive by that office every night with a modem that can grab the radio signal.
Thank you for your post - But you must understand that the above is in and of itself an engineering decision.
There is no real reason not to make card BIOS mechanically protected, outside of the inconvenience of manual switching. I understand BIOS extensibility, and I really do wish it was true that such info was kept on the platters - If it were true, then I should be able to swap cards between hdds (like we did back in the day) to effect repairs and retrieve data.
The size of any BIOS I am aware of can easily fit on on-board chips on the card with plenty of room for BIOS revisions, especially considering the size of flash chips available today. That part (the actual executable programming) should be all that is on the card, and that should, by all, means be protected by jumper.
Look at computer BIOS for comparison - writable to an extent, so extensible, but the actual BIOS itself must be flashed - all on-chip. Controller BIOS is no where near the size of Computer BIOS, and computer BIOS is still quite tiny (if it is still CMOS)
This issue has been coming for a very long time. I can remember this being predicted way back when vid cards started going flash enabled. Shoot, they won't even write protect thumb drives for Pete's sake... That's just dumb.