El Thu, Aug 25, 2016 at 07:23:45AM +0100, Luke Kenneth Casson Leighton deia:
'i've set up read-only rootfs on debian before, it was fun to do. needed it because i was booting off of CF cards. used somebody else's scripts... where are they... ah ha!
You mean software read only, right ? (as in file system mount flags) That's good but we were talking hardware read only which would seem more secure. If one has the kind of compromise that secure boot or verified boot try to protect against, the attacker can possibly remount read write or something.