Android Upgrades, Custom ROMs (LineageOS), & Kernels

dm-verity & Android A/B: How Partition Integrity Secures Seamless Updates

By Antigravity Research Published May 30, 2026 ⏱️ 6 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Introduction to Android A/B Seamless Updates

The Android operating system has continuously evolved to enhance user experience, security, and device longevity. One of the most significant advancements in this regard is the implementation of A/B (Seamless) System Updates, introduced with Android 7.0 Nougat. Unlike traditional update mechanisms that require users to wait for the device to reboot into a recovery partition, A/B updates allow the system to update while the device is actively in use, leading to a much smoother and less disruptive user experience. This mechanism relies heavily on a robust partition integrity verification system: dm-verity.

A/B updates work by having two complete sets of partition slots (typically A and B) for critical partitions like `system`, `vendor`, `boot`, and `product`. While the device is running from slot A, the update downloads and installs silently into slot B. Once the installation is complete, a simple reboot switches the active slot to B, completing the update. If anything goes wrong with the new slot, the device can seamlessly roll back to the previously working slot A, preventing bricked devices and improving reliability.

Understanding dm-verity: The Foundation of Integrity

Device Mapper Verity (dm-verity) is a kernel feature that provides transparent integrity checking of block devices. Its primary role in Android is to prevent persistent rootkits that can modify system partitions without detection. Dm-verity ensures that the mounted filesystem on a block device (like your `/system` partition) has not been tampered with. It does this by cryptographically verifying every block as it’s read from the storage device.

How dm-verity Works

At its core, dm-verity employs a hash tree (Merkle tree) structure. A hash tree is a tree of hashes, where every leaf node contains the cryptographic hash of a data block, and every non-leaf node contains the cryptographic hash of its child nodes. The root hash of this tree is stored in a fixed, protected location, often within the `verity` metadata appended to the partition itself, or within the Android Verified Boot (AVB) metadata in the `vbmeta` partition.

When the system boots, the bootloader (via AVB) verifies the root hash. As the kernel attempts to read a data block from a dm-verity protected partition, it computes the hash of that block. It then uses the corresponding intermediate hashes in the Merkle tree to verify that the block’s hash matches what’s expected based on the known, trusted root hash. If any block’s hash doesn’t match, dm-verity detects tampering and can either log the error, remount the filesystem as read-only, or trigger a reboot into recovery mode.

A simplified representation of the verification process:

+-----------------+
|   Root Hash     |  (Verified by Bootloader/AVB)
+--------+--------+
         |
  +------+------+
  | Hash A | Hash B |
  +---+----+---+----+
      |        |
+-----+-----+-----+-----+
| Data Block 1 | Data Block 2 | ...
+--------------+--------------+

Checking dm-verity Status

You can check the dm-verity status on an Android device using `adb shell`.

adb shell
su
dmsetup table --target verity

This command lists active dm-verity devices. If a partition is protected, you’ll see output similar to this:

0 20971520 verity 1 /dev/block/sde5 /dev/block/sde5 4096 4096 20971520 20971520 62153b6f... 62153b6f...

The important part is the `verity` target and the device paths, indicating active integrity checks.

dm-verity and Android A/B: A Synergistic Security Model

The combination of dm-verity and A/B updates creates a highly secure and resilient update mechanism. Here’s how they work together:

  1. Inactive Slot Verification:

    When an update is applied to the inactive slot (e.g., slot B while running on A), dm-verity is crucial. The bootloader or a specific `update_engine` process will verify the integrity of the newly written data in slot B using its dm-verity metadata *before* marking it as bootable. This ensures that the update itself hasn’t been corrupted during download or installation and that the target slot B is in a pristine, verified state.

  2. Boot-Time Integrity:

    Once the system attempts to boot from the newly updated slot B, dm-verity performs its regular, block-by-block integrity check. If any part of the system image on slot B has been tampered with or corrupted since installation (perhaps by a malicious actor or a faulty storage sector), dm-verity will detect it and prevent the device from fully booting into an compromised state.

  3. Rollback Security:

    If the new slot (B) fails to boot correctly or dm-verity detects an issue, the bootloader can revert to the previous, known-good slot (A). This rollback is also secured by dm-verity, ensuring that even the fallback slot remains untampered. This mechanism drastically reduces the risk of failed updates leading to unrecoverable devices.

  4. Prevention of Persistent Tampering:

    For users running custom ROMs or modified systems, dm-verity often presents a challenge. Modifying `/system` or other protected partitions will break dm-verity’s cryptographic chain, leading to boot failures or warnings. Disabling dm-verity (often done by flashing a custom `boot.img` or a tool like Magisk) is a common step for rooting or installing custom software, but it also removes a critical security layer.

Implications for Custom ROMs and Kernels

When installing custom ROMs like LineageOS or flashing custom kernels, users often interact with dm-verity and A/B slots. Custom ROMs typically come with their own `boot.img` and system images. To allow modifications, these custom images are often built without dm-verity enabled, or they include mechanisms to disable it post-installation. For A/B devices, this means ensuring that both slots are handled correctly during the custom ROM flashing process, often requiring specific `fastboot` commands targeting individual slots.

For example, flashing a custom image to both slots:

fastboot flash system_a your_custom_system.img
fastboot flash system_b your_custom_system.img
fastboot flash boot_a your_custom_boot.img
fastboot flash boot_b your_custom_boot.img
fastboot --set-active=a
fastboot reboot

This ensures consistency across slots, though specific custom ROM instructions may vary. It’s crucial for custom ROM developers to manage the dm-verity and AVB signing process to ensure devices can boot without integrity issues.

Conclusion

The synergy between dm-verity and Android’s A/B seamless update mechanism represents a significant leap forward in device security and reliability. Dm-verity’s rigorous, real-time integrity checks ensure that system partitions remain untampered, while A/B updates provide a fault-tolerant and user-friendly update process. Together, they create a robust defense against malicious modifications and ensure a consistently secure and smooth Android experience, from official updates to well-crafted custom firmware. Understanding these foundational technologies is key for anyone deeply involved in Android development, security research, or advanced device customization.

Android Mobile Specs & Compare Directory

Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android A/B #Android Security #Custom ROMs #dm-verity #Seamless Updates

Related Technical Guides

Deep Dive: Understanding Fastboot ‘flash recovery’ for TWRP on A/B Slot Devices

May 30, 2026

Beyond Basics: Optimizing Magisk Delta Zygisk for Seamless Root Hiding & Performance

May 30, 2026

System Partition Corruption & OTA: A Lab Guide to Repairing Update-Blocking Issues

May 30, 2026