
Yes, and I hope you go all the way to the Linux kernel... Scratch that, you better break into Intel and audit their microcode personally. Anything less is just being irresponsible about your dependencies...


There are companies that are doing this. Oxide Computer is one of them. Their customers are going to thank them when it turns out the Equation Group has a backdoor in Intel's BMC.


Now I have to trust Oxide Computer - why should I trust them?


Our code is open source, so you can choose to independently verify that if you desire.

We have attempted to minimize binary blobs to a pretty extreme extent. Unfortunately there are a couple of things from vendors that are impossible to remove, but we have made progress on avoiding as many of them that are avoidable as possible. bcantrill did a talk about this (and some other things) https://news.ycombinator.com/item?id=32911048 if you're curious.

That said, your overall point that you’re always trusting somebody is absolutely valid.


A lot of your competition has verifiable open source software as well: https://www.dell.com/en-us/blog/enabling-open-embedded-syste...



