Overlay file system and boot partition read only for Raspbian on S905X


Raspbian allowed an overlay file system and making the bootloader read-only to harden the OS. I’m wondering if the same is possible with the Potato.
I tried both file-system and bootloader at the same time - but guessed that at least the bootloader will not work due to Gurb. I’ll reflash the SD to see if the file system alone works.
Is a similar easy-to-use script available for the potato?

As always thanks a lot for the great support!