The problem there is that in usual case, the read-only access to software will not be provided directly by the hardware, but by the same software you are trying to verify.
In theory, this could be solved by verifying whole memory of the device, but that still depend on you believing that the device does not have more memory than what it should have.
Because in the usual case you want to do such verification through same interface as normal operation, both for usability reasons and to limit number of interfaces that cross the security boundary.
In theory, this could be solved by verifying whole memory of the device, but that still depend on you believing that the device does not have more memory than what it should have.