Mount /boot rw so that grub can store/update the state for rauc. A user can then rm -rf /boot/grub and the machine will be dead.