How to make Host Live RO?

Hello,
I want to have live mode on the host for Whonix KVM, so Using Debian 10.10. I’ve installed grub-live for that purpose, which worked all fine and I got the new entry in the bootloader. But when I run the livecheck.sh I get the following output:

user@debian:~/Downloads$ sudo sh livecheck.sh
[sudo] password for user:
/usr/share/icons/Adwaita/16x16/status/dialog-warning.png
Live
Live mode is enabled but it is still possible to write to the disk. Please power off the machine and set the disk to read-only, if possible. See: Host Live Mode: Boot existing Host Operating System into Live Mode or click on the icon for more information.
x-www-browser Host Live Mode: Boot existing Host Operating System into Live Mode
x-www-browser Host Live Mode: Boot existing Host Operating System into Live Mode

How can I make the drive read-only for live-mode on Host?
thanks in advance.

So wait, are you trying to make the host read-only, or the virtual machine in KVM read-only? If the latter, consult this link.

Read_Only_Mode Wiki

I’ve not even been able to get the KVM images to start when using host-live mode. Did you morph Debian 10.10 into KickSecure or just leave it as default Debian?

For VMs it’s possible because the virtualizer supports configuring the virtual hard drive as read-only.

For the host, I don’t know. Quite possibly requiring different hardware. Consider:

Better:

Which hard drives support physical write protection switches?

Alternative (worse):

Which BIOS / firmware comes with hard drive write protection switches?

(How can one run lsblk on the host showing all entries in the RO column as 1 (meaning read-only)?)

What livecheck.sh is doing is just looking at the output of lsblk and checking all entries in the RO column are 1.

sudo /bin/lsblk --noheadings --all --raw --output RO

Also see https://github.com/Whonix/whonix-xfce-desktop-config/blob/master/usr/share/livecheck/livecheck.sh script comments.