Frankly, if you've got untrustworthy software with that level of access and a threat model dangerous enough to throw out the hard drive, you'd probably better throw out the whole computer instead. In addition to the hard drive controller, malicious code could persist in the UEFI firmware, the graphics card firmware, or even in the Intel IME/AMD PSP subsystems.