vs. dm-verity

fs-verity is used to implement ro.apk_verity.mode for the rw userdata partition. The OS itself is fully verified via dm-verity (system/vendor), hashes (boot/dtbo) and a signature (vbmeta). Those are all read-only at runtime, and updated by writing to the alternate partition set.