So are you saying that if you think it is impossible, it is really n impossible?
The HPA is only used if software is written that uses it. If software does not issue the ATA command specifically for the purpose of making the HPA readable, and if software does not copy from the HPA area and execute it, then malware cannot "hide" in the HPA without a piece of malicious code that is designed for those two functions.
What I am saying is that it is impossible for a piece of malware to hide exclusively within the HPA without malware being installed outside of the HPA designed to use it:
Premise 1: In order to access the HPA, the ATA command to set the max address is required. If this command is not issued, then the HPA will not be accessible for reading nor for writing.
Premise 2: You cannot execute code, malicious or otherwise, that is not accessible. If you cannot read from an area of a disk, you cannot copy that data into memory to either execute or use it.
Premise 3: No current, relevant operating systems include code that issues the ATA command and makes the HPA readable, nor do they then read from the HPA and execute code therein.
Therefore: any malicious code resident in the HPA is going to require malicious code outside the HPA that is designed to access it.
For illustrative purposes, let us assume that a Hard Disk Drive has malicious code present in the HPA.
If we wipe that drive with DBAN, the malicious code will remain.
However, if you install an OS on the drive, that HPA is not accessed. It is outside the addressable area of the disk, and any ATA command issued against the drive controller is going to fail the request because the appropriate command to set the max address beyond that specified in the ATA Identify command was not provided. That malicious code will continue to exist, but its existence is not of particular consequence because it cannot execute.
Any claim made that malware can reside exclusively in the HPA (for example, that you can wipe the drive and then get reinfected from the HPA) is false, because there is no factual or logical basis upon which to make that claim. It is as reasonable as claiming that a PC can get infected from a floppy disk sitting on a desk across the room, because that data would be just as accessible.
Whether it might be a tool used by Malware is not a question. It already is, just as it was also the case that registry entries were hidden from registry editor by including null characters.
But floppy disk viruses were able to exist because computers purposefully looked for and executed code on floppy disks at boot time. Systems do not look for and execute code in a hard drive's HPA. So it is not an infection vector; instead it can be a location where infections store a payload.
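
An added example, not part of the original post: a defender's pre-wipe check that reads the visible/native sector counts printed by `hdparm -N` and reports how many sectors sit in the HPA, which a wipe of the addressable area would leave untouched. The function names and sample lines are constructed for illustration, and the parsing assumes hdparm's usual `max sectors = visible/native` line.

```shell
#!/bin/sh
# Constructed sample `hdparm -N` output (not captured from a real drive).
SAMPLE_HPA='/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'
SAMPLE_NONE='/dev/sdX:
 max sectors   = 1953525168/1953525168, HPA is disabled'

# Reads `hdparm -N` output on stdin and prints the number of sectors
# beyond the visible max address (0 means no HPA is configured).
# Returns 2 when no "max sectors" line can be parsed.
hpa_hidden_sectors() {
  hpa_pair=$(sed -n \
    's/.*max sectors *= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*/\1 \2/p' \
    | sed -n '1p')
  [ -n "$hpa_pair" ] || return 2
  hpa_visible=${hpa_pair% *}   # max address reported to the OS
  hpa_native=${hpa_pair#* }    # native max address of the drive
  echo $(( hpa_native - hpa_visible ))
}

# Gate for a wipe or imaging script: returns 0 only when the whole
# drive is addressable, 1 when an HPA exists, 2 when state is unknown.
hpa_check() {
  hpa_n=$(hpa_hidden_sectors) || {
    echo "unknown: no max sectors line found"
    return 2
  }
  if [ "$hpa_n" -gt 0 ]; then
    echo "HPA present: $hpa_n sectors not covered by a normal wipe"
    return 1
  fi
  echo "no HPA: visible size equals native size"
  return 0
}

# Live use (needs root; /dev/sdX is a placeholder device name):
#   hdparm -N /dev/sdX | hpa_check
```
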