Read-only, badUSB-proof and bootable USB stick?

I would like to create a bootable USB stick (so loaded with a given OS), that is read-only and badUSB proof (i.e. the stick has to verify if the firmware is signed). Is that possible with a Nitrokey, and if so, which one(s)? (so basically something equivalent to the Kanguru SS3 stick)

The goal is to have a key I can plug into any machine and have my OS run on it, without risking to have malware on the USB stick afterwards.

Use Nitrokey Storage to install your operating system on. Firmware updates are protected by the firmware password and you can export the installed firmware for verification.

Exporting the firmware for verification won’t help, because if it is infected, the malicious firmware could just “replay” the good firmware. Also, the moment I plug it into somewhere, that risks getting infected too.
However, would the password protection of the firmware be robust to an attack and just as safe as using signed firmware?

Also, is it possible to make the memory of the stick “read-only” too? If so, I take it that would be software based - is that as safe as as sticks with hard-ware read-only switches?

On the NK Storage you have a (small!) part that is read-only by default while you can change it with the master password (I for instance added my photo in it to prove the key is mine, then turned it back to read-only)
Other than that, I’d recommend to analyze the potential use of an USG physical barrier . I own two (the small versions) and am perfectly happy with them…

To counter this, we recommend to fill the remaining flash space with random data so that a malicious firmware wouldn’t have any space to live in. That implicates removing the storage card too.

As long as you choose a reasonable strong password, preferably a random string, the protection is strong.

As long as you don’t enter your Administrator PIN on an infected computer, the write-protection remains secure.