The problem there is that in usual case, the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify.
In theory, this could be solved by verifying whole memory of the device, but that still depend on you believing that the device does not have more memory than what it should have.
Because in the usual case you want to do such verification through same interface as normal operation, both for usability reasons and to limit number of interfaces that cross the security boundary.
The usual trick is to ensure that the firmware + user data fills all available storage space on the hardware so there's no room for other code, then add time limits and complexity to the verification code so they can't do any tricks with stuff like compression.