I am learning about dm-verity protection on Android, and I am trying to understand how Android's dm-verity uses the hash tree to validate a "single block".
Instead, dm-verity verifies the blocks individually and only when each is accessed. When it is read into memory, the block is hashed in parallel. The hash is then verified up the tree. And since reading the block is such an expensive operation, the latency introduced by this block-level check is comparatively nominal.
After reading and hashing the block, the tree is verified. But how can I verify the root hash when I have not read all the blocks? I can verify only the part of the tree that I have read, and that means that I do not have to upload the root hash.
I do not understand why we use a hash tree. The StackOverflow thread says that the main reason for using hash trees is when the hash is calculated for each block and, again, for the entire file. I do not understand why it is used here.
So, how is it really implemented? My guess is that when the block is loaded into memory, Android simply checks the particular branch and the rest of the values are taken from the precalculated hash tree. But I do not see the reason to use the tree. I would simply store the block hash values and, after reading the block and hashing it, I would only compare the hash.
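The "verified up the tree" step quoted above, as an added example that is not part of the original post and is not Android's or the kernel's code. It is a simplified in-memory model (no salt, no superblock, SHA-256 with 4096-byte blocks assumed), and every function name in it is hypothetical. It shows that one data block is checked against the trusted root hash by reading a single hash block per level, and that a flat list of stored hashes fails once that list can be rewritten along with the data.

```python
import hashlib

BLOCK = 4096                 # data and hash block size in bytes (assumed)
DIGEST = 32                  # SHA-256 digest size
FANOUT = BLOCK // DIGEST     # 128 digests fit in one hash block

def sha(b):
    return hashlib.sha256(b).digest()

def split(buf):
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]

def build_tree(data):
    """Return (levels, root_hash); levels[0] holds the digests of the data blocks."""
    if not data:
        raise ValueError("empty image")
    levels, blocks = [], split(data)
    while True:
        packed = b"".join(sha(b) for b in blocks)
        packed += b"\0" * (-len(packed) % BLOCK)   # zero-pad to whole hash blocks
        levels.append(bytearray(packed))
        blocks = split(bytes(packed))
        if len(blocks) == 1:
            return levels, sha(blocks[0])          # only this value must be trusted

def verify_block(block, index, levels, root_hash):
    """Check one data block using one hash block per level, then the root."""
    h = sha(block)
    for level in levels:
        n, slot = divmod(index, FANOUT)            # which hash block, which slot in it
        hash_block = bytes(level[n * BLOCK:(n + 1) * BLOCK])
        if hash_block[slot * DIGEST:(slot + 1) * DIGEST] != h:
            return False                           # stored digest does not match
        h, index = sha(hash_block), n              # now authenticate the hash block itself
    return h == root_hash

def demo():
    data = b"".join(bytes([i % 251]) * BLOCK for i in range(300))  # constructed image
    levels, root = build_tree(data)
    ok = verify_block(data[7 * BLOCK:8 * BLOCK], 7, levels, root)
    evil = b"X" * BLOCK                            # constructed tampered block 7
    plain = verify_block(evil, 7, levels, root)
    levels[0][7 * DIGEST:8 * DIGEST] = sha(evil)   # attacker also rewrites the stored leaf
    forged = verify_block(evil, 7, levels, root)   # still rejected one level up
    return ok, plain, forged, len(levels)
```

For the 300-block image, verifying block 7 reads two hash blocks and never touches the other 299 data blocks; the forged leaf matches the tampered data but changes the hash of its hash block, so the comparison at the next level fails.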