@wolf480pl >resets PERM_WRITE_PROTECT
That's implemented by the reader, not the card, so you can just ignore than flag.

>the ability to write-protect it in such a way, that un-write-protecting requires a password.
SD cards contain a microprocessor running proprietary software, thus an attacker can really just reprogram the SD card and ask it to dump out all blocks.

You could write free software for a SD card that implements such functionality, but an attacker could still reprogram it.


You're better of encrypting the cards with LUKS2, as that would mean that any attacker that doesn't know the password isn't able to make specific edits to files (there are still some attacks against AES-XTS where you can overwrite a block and LUKS can't tell, although there is a optional journaling feature that can detect such modifications).