Idea: hardware-write-protected partition for kernel — how could Ubuntu support it?
Vasiliy
ssd.evolution at gmail.com
Sat Mar 21 08:35:53 UTC 2026
Hello.
I’d like to discuss a storage concept that could improve kernel
integrity and reduce write wear on SSDs, and ask what it would take for
Ubuntu to support it.
*The idea:*
A hybrid SSD with two internal partitions:
* Partition A: hardware write-protected (similar to ROM or OTP) —
  intended for OS kernel, bootloader, critical system files. Immutable
  after initial programming.
* Partition B: standard NAND flash — for applications and user data.
  Write-heavy data (logs, temp files, cache, swap) would be offloaded
  to a separate HDD.
*Potential benefits:*
* Kernel rootkits and bootkits become physically impossible without
  hardware access.
* SSD lifespan extends significantly, as writes are redirected away
  from the main flash.
* Boot could be faster (kernel executed directly from protected memory).
*What I’m trying to understand:*
* What changes would be needed in the Ubuntu installer to detect such
  a device and place the kernel and bootloader on the protected partition?
* Are there existing mechanisms in the kernel or initramfs that
  already assume the system root is writable? What would break?
* Would this require modifications in the boot chain (GRUB, Secure
  Boot, etc.)?
I’m not seeking funding or patents. Just curious about the technical
implications and whether the community sees value in this direction.
If the idea is worth exploring further, I can provide more details.
Thank you.
SSD Evolution Initiative
ssd.evolution at gmail.com
Kuvshinov Vasiliy