True, but it's turtles all the way down. There is lots of non-reprogramable firmware in what you call "hardware". The recent article here pointed out the 8087 (an old floating point co-processor) had so much firmware (for the time) Intel had to use a special type of transistor to make it fit. Modern CPU's have many such tiny CPU's doing little jobs here and there. I'm being you didn't even know they exist. They not only exist, they also have a firmware programmed into ROM's you can never change. The bottom line is you have to trust the manufacturer of the silicon, and that isn't much different to trusting someone else who loaded firmware into the device.
The fact that there is always something you must trust in a device, as opposed to being able to prove it's trustworthy to yourself by just looking at it is so well known it has a name: is called the root of trust.
The interesting thing is it can ensure the root of trust the only thing you need to trust. The ability to do that makes your statement factually wrong. In fact it's drop dead simple. The root of trust only need let you read all firmware you loaded back, so you can verify it is what you would have loaded yourself. TPM's and secure boot are built around doing just that. Secure boot is how the banks and whoever else know you are running a copy of Android produced by Google.
Hey pabs, think about it. You know this doesn't work.
It doesn't work for the same reason the electricity company doesn't let you reprogram your electricity meter. Unlike the raucous response here as far as I far as I can tell, no one complains about that arrangement, despite the fact the meter is on your property, on land you own, and you effectively pay for it. They put up with it because of want the electricity, they know the electricity can't trust all their customers with metering it, and when it's all said and done putting a small box on their property the electricity has absolute control over is hardly a big deal.
It's exactly the same deal with your computer, or should be. There is a little area on a device you own that you have no control over. Ideally visible and running open source software with reproducible builds, so you can verify it does what it says on the box, and yes neither you nor anyone else can change it, so it meets your condition.
But it's purpose doesn't. It's purpose is to load the equivalent of electricity meters, which are software other people can change and you can't. Thus this area on the your device carves out others areas it can give ironclad guarantees to a third party they solely control, you can not reprogram, and you can't even see the secrets they store there (like encryption keys). These areas don't meet your definition. The third party can reprogram them, but you can't, you can't even see into them.
These areas can do things like behave like a credit cards, be a phones eSim, house a FIDO2 key that some their party attests is only ever stored securely.
Currently we depend on the likes of Google and Apple to provide us with this. I'm not sure Apple can be said to provide it, as they insist on vetting everything you can run that doesn't live in a browser. Google does better because you can side load, if you are willing to jump through hoops must people can't. Wouldn't it be great if debian could do it too? But to pull that off, debian developers would have to be believe allowing users to hand over control of a space on their computer they can't see or alter, to a third party debian didn't trust somehow works open source. It's not a big jump from the current firmware policy.
I can see that some verification is necessary. However i still think stuff that I can't be reprogramm should be heavily regulated. I want it to be kept at minimum.
Samsung already installs very suspicious auto updating, can't be removed without root, apps and ads. This is the natural consequence of locking out the users capabilities. If you want to get rid of them completely, youd have to root it, breaking compatibility with banking apps. Thats the world you are rooting for.
The fact that there is always something you must trust in a device, as opposed to being able to prove it's trustworthy to yourself by just looking at it is so well known it has a name: is called the root of trust.
The interesting thing is it can ensure the root of trust the only thing you need to trust. The ability to do that makes your statement factually wrong. In fact it's drop dead simple. The root of trust only need let you read all firmware you loaded back, so you can verify it is what you would have loaded yourself. TPM's and secure boot are built around doing just that. Secure boot is how the banks and whoever else know you are running a copy of Android produced by Google.