Authenticated Btrfs
Posted May 4, 2020 2:02 UTC (Mon) by marcH (subscriber, #57642)
In reply to: Authenticated Btrfs by Cyberax
Parent article: Authenticated Btrfs
If/when the local attacker gets hold of the symmetric key, she can generate authentic data. Doesn't matter much whether that symmetric signed or not, does it? Sorry if I'm missing something (again).
The key difference (pun intended) is that this attack vector is not possible in dm-verity's read-only approach where nothing (firmware, kernel, ...) on the running system itself holds any secret needed to generate authentic data.
The more I think about it, the bigger the difference between read-only and read-write seems to be.
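The trust-model difference discussed in the comment above, as an added example that is not part of the original comment and is not Btrfs or dm-verity code. It assumes a constructed key and constructed block contents, and a simplified unsalted hash tree standing in for dm-verity's on-disk format.

```python
import hashlib
import hmac

BLOCK = 4096  # constructed block size for the demo

def hmac_tag(key, block):
    """Read-write model: per-block keyed checksum (HMAC-SHA256)."""
    return hmac.new(key, block, hashlib.sha256).digest()

def hmac_verify(key, block, tag):
    return hmac.compare_digest(hmac_tag(key, block), tag)

def merkle_root(blocks):
    """Read-only model: unkeyed hash tree; only the root must be trusted."""
    level = [hashlib.sha256(b).digest() for b in blocks]
    while len(level) > 1:
        if len(level) % 2:              # duplicate last node on odd levels
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def demo():
    key = b"constructed-demo-key"       # must be present on the running system
    blocks = [bytes([i]) * BLOCK for i in range(4)]   # constructed image
    tags = [hmac_tag(key, b) for b in blocks]
    trusted_root = merkle_root(blocks)  # fixed at build time, no secret involved

    changed = b"\xff" * BLOCK           # block 1 rewritten after build

    # Read-write: a stale tag is detected, but a tag recomputed with the
    # on-system key verifies, because verifying and authoring use one secret.
    stale_tag_ok = hmac_verify(key, changed, tags[1])
    retagged_ok = hmac_verify(key, changed, hmac_tag(key, changed))

    # Read-only: the verifier holds only the root hash. Any changed block
    # yields a different root, and no on-system secret can make it match.
    new_root = merkle_root([blocks[0], changed] + blocks[2:])
    root_ok = new_root == trusted_root

    return {"stale_tag_ok": stale_tag_ok,
            "retagged_ok": retagged_ok,
            "root_ok": root_ok}

if __name__ == "__main__":
    print(demo())
```
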