I didn't know that, thank you!
Yes, you can and should.
A good hardware wallet manufacturer will actually advise and instruct its customers how to download the firmware, verify its integrity and flash it. It should also make sure to have reproducible builds; this means being able to easily check that the firmware download matches the code.
It should also be easily possible to compile it yourself, alternatively.
The guys over at WalletScrutiny check popular wallets from time to time to see whether their builds (firmware blobs / binaries) match the open-source code. In case someone cannot / doesn't want to do it themselves, and they trust them, that's a good resource.
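What "verify its integrity" and "check that the download matches the code" look like in practice, as an added example that is not from the thread or from any wallet vendor: hash the downloaded firmware, check it against a published SHA256SUMS-style file, and compare it with a locally reproduced build. The firmware bytes, file name and checksum file are constructed here for illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory firmware image."""
    return hashlib.sha256(data).hexdigest()


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse a SHA256SUMS-style file: one '<hex digest>  <filename>' per line."""
    sums: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")  # some tools prefix binary-mode entries with '*'
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify_firmware(downloaded: bytes, name: str, sums_text: str,
                    rebuilt: Optional[bytes] = None) -> Dict[str, bool]:
    """Check the downloaded image against the published digest and, if a
    locally reproduced build is supplied, against that build as well.
    Digest comparison is constant-time, so a mismatch leaks nothing about
    how many bytes agreed."""
    sums = parse_sha256sums(sums_text)
    if name not in sums:
        raise KeyError(f"no published digest for {name!r}")
    actual = sha256_hex(downloaded)
    result = {"matches_published": hmac.compare_digest(actual, sums[name])}
    if rebuilt is not None:
        result["matches_rebuilt"] = hmac.compare_digest(actual, sha256_hex(rebuilt))
    return result


# Constructed sample data (hypothetical vendor file name, not a real release).
FIRMWARE = b"constructed firmware image, release 1.0"
FIRMWARE_NAME = "wallet-fw-1.0.bin"
SUMS_TEXT = f"# constructed SHA256SUMS\n{sha256_hex(FIRMWARE)}  {FIRMWARE_NAME}\n"


if __name__ == "__main__":
    print(verify_firmware(FIRMWARE, FIRMWARE_NAME, SUMS_TEXT, rebuilt=FIRMWARE))
    print(verify_firmware(FIRMWARE + b"\x00", FIRMWARE_NAME, SUMS_TEXT))
```

A published digest only proves the download is what the vendor published; the reproducible-build comparison is what ties it back to the open-source code.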
I can't access that website; it seems it's down due to a DMCA takedown notice. But I found a good guide on Reddit.
Honestly, I find it downright malicious that Ledger's defensive message control boils down to lying about the current state of the hardware wallet ecosystem (i.e. claiming that consumers always have to trust hardware wallet manufacturers, while that's decidedly not the case). They are trying to normalize bad practices in terms of both security and privacy, making them the very antithesis of what one should expect from a hardware wallet company.
I really suggest you watch the podcast with Pascal Gauthier, the CEO of Ledger. Pascal Gauthier basically says that 99% of people can't check and analyze open-source code and have to trust other guys, so he sees no point in it. Also, he says that crypto users think that the KYC procedure is a very normal procedure and that almost 95-99% of people have already done KYC on crypto exchanges or in other services.
Basically, he says that people in the crypto world have accepted KYC and it's normal here.