I just tried to make the LUKS encrypted root filesystem read-only, as outlined here (root fs overlay). But after reboot, the zymkey is no longer bound (console says: ERROR: no zymkeys installed.)
Is the zymkey somehow bound to (some ID of) the filesystem? Has anyone else tried this?
Thanks in advance.