There is just no way to reliably determine the boot disk.
For the simple reason that the kernel just does not get this information.
The kernel starts its execution from the RAM in which it has been loaded by whatever means (most generally some anonymous bootloader) in a fire-and-forget way.
So you can just guess. Because the kernel knows where / is (see root= in /proc/cmdline), depending on your environment and on your bootloader configuration file, you could bet on the probability that / is on the device the system was booted from… or not.
Note that on x86 arches, you could try getting that info from the BIOS using the int 13H interrupt call. It is of course a hard (and still unreliable) way to go.
As fpmurphy suggests in a comment, if you are absolutely certain that your running system can only rely on UEFI booting, then you could find this info by running efibootmgr.
You might also try several other ways, try fiddling with MBRs…, but all will still carry their share of uncertainty (which can, once again, be reduced depending on your environment).
Just think of what this information would mean in case you booted from the network, your kernel was launched by kexec, or your disks are organized in some RAID array…
BTW, if your sole interest is preventing your users from accidentally erasing boot partitions… well… what about simply making all of them read-only? (Since you only need these partitions to be writable when installing a new kernel.)
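A small heuristic in the spirit of the two hints above (root= from the kernel command line, BootCurrent from efibootmgr), added here as an example and not code from the answer; the cmdline and efibootmgr text are passed in as strings so it can be exercised on constructed samples, and the output is labelled as a guess.

```shell
#!/bin/sh
# Best-guess boot source from the two hints in the answer:
# root= on the kernel command line, and BootCurrent from efibootmgr on UEFI.
# Inputs are plain text so the logic can be checked on constructed samples.

# Print the value of root= from a kernel command line; fail if absent.
root_from_cmdline() {
    for tok in $1; do
        case "$tok" in
            root=*) printf '%s\n' "${tok#root=}"; return 0 ;;
        esac
    done
    return 1
}

# Print the label of the BootCurrent entry from `efibootmgr -v` output;
# fail if there is no BootCurrent line (e.g. a legacy BIOS boot).
uefi_current_label() {
    cur=$(printf '%s\n' "$1" | sed -n 's/^BootCurrent: *\([0-9A-Fa-f]*\).*/\1/p')
    [ -n "$cur" ] || return 1
    label=$(printf '%s\n' "$1" | awk -v cur="$cur" '
        index($0, "Boot" cur) == 1 {
            sub(/^Boot[0-9A-Fa-f]+\*? */, "")   # drop the "Boot0001* " prefix
            sub(/\t.*/, "")                    # keep only the label column
            print; exit
        }')
    [ -n "$label" ] || return 1
    printf '%s\n' "$label"
}

# Combine both hints into one line; a field reads "unknown" when unavailable.
guess_boot_source() {
    root=$(root_from_cmdline "$1") || root=unknown
    label=$(uefi_current_label "$2") || label=unknown
    printf 'guess: root=%s uefi=%s\n' "$root" "$label"
}

# On a live system: use the real kernel command line and, when the tool
# exists, efibootmgr. The result is still only a guess, as explained above.
live_guess() {
    efi=""
    command -v efibootmgr >/dev/null 2>&1 && efi=$(efibootmgr -v 2>/dev/null)
    guess_boot_source "$(cat /proc/cmdline)" "$efi"
}

[ -r /proc/cmdline ] && live_guess
```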