What macOS are you using? Modern macOS [Big Sur, Monterey] already does this; the System disk is read only & cannot be overwritten or interfered with even by an admin or root user without some very specific & 'dangerous' steps to disable the protection then re-calculate the secure checksum^[1]. If the System detects any tampering, it will only boot into Recovery mode & will not allow any other operation except re-installing the OS. This does not affect user data areas at all.

Even before that you haven't needed to nuke & pave a Mac in a very long time. You can always re-apply the same OS from Recovery if you're uncertain of its integrity.

macOS is not Windows XP. It doesn't get gradually worse over time, or need reinstalling every 6 months, just in case. There is absolutely no need.

^[1]See Can I mount the root (system) filesystem as writable in Big Sur?

What macOS are you using?
Modern macOS [Big Sur, Monterey] already does this; the System disk is read only & cannot be overwritten or interfered with even by an admin or root user without some very specific & 'dangerous' steps to disable the protection then re-calculate the secure checksum^[1]. If the System detects any tampering, it will only boot into Recovery mode & will not allow any other operation except re-installing the OS.
This does not affect user data areas at all.

Even before that you haven't needed to nuke & pave a Mac in a very long time. You can always re-apply the same OS from Recovery if you're uncertain of its integrity.

macOS is not Windows XP. It doesn't get gradually worse over time, or need reinstalling every 6 months, just in case. There is absolutely no need.

^[1]See Can I mount the root (system) filesystem as writable in Big Sur?

What macOS are you using? Modern macOS [Big Sur, Monterey] already does this; the System disk is read only & cannot be overwritten or interfered with even by an admin or root user without some very specific & 'dangerous' steps to disable the protection then re-calculate the secure checksum^[1]. If the System detects any tampering, it will only boot into Recovery mode & will not allow any other operation except re-installing the OS. This does not affect user data areas at all.

Even before that you haven't needed to nuke & pave a Mac in a very long time. You can always relay the same OS from Recovery if you're uncertain of its integrity.

macOS is not Windows XP. It doesn't get gradually worse over time, or need reinstalling every 6 months, just in case. There is absolutely no need.

^[1]See Can I mount the root (system) filesystem as writable in Big Sur?

What macOS are you using? Modern macOS [Big Sur, Monterey] already does this; the System disk is read only & cannot be overwritten or interfered with even by an admin or root user without some very specific & 'dangerous' steps to disable the protection then re-calculate the secure checksum^[1]. If the System detects any tampering, it will only boot into Recovery mode & will not allow any other operation except re-installing the OS. This does not affect user data areas at all.

Even before that you haven't needed to nuke & pave a Mac in a very long time. You can always re-apply the same OS from Recovery if you're uncertain of its integrity.

macOS is not Windows XP. It doesn't get gradually worse over time, or need reinstalling every 6 months, just in case. There is absolutely no need.

^[1]See Can I mount the root (system) filesystem as writable in Big Sur?