> I thought about this a bit more, and I agree with Milan. I/O errors > can be temporary and applications should be expected to handle them. Are we sure that I/O errors always reach a usermode reader? E.g., in the file system metadata corruption case (like EIO for a file system driver becoming ENOENT for an application). > Android devices, which I assume are the largest users of this > functionality, are expected to switch dm-verity partitions back to > normal mode after the first restart is triggered, and userspace is > therefore expected to handle I/O errors gracefully anyway. And there is a warning displayed: "When booting in eio mode, the device shows an error screen informing the user that [...] the device might not function correctly." https://source.android.com/docs/security/features/verifiedboot/verified-boot#handling-verification-errors