How does update_engine validate a differential update-image with dm-verity enabled?

3 votes
1 answer
1570 views
I am working with Android 8, Android verified boot with dm-verity, and block-based differential seamless A/B updates. To my understanding, the Android update_engine performs some validations of the received update image before it proceeds to write the target partitions. AFAIK, update_engine checks if the differential update can be installed atop the current partitions. How is this check performed? I can imagine two possibilities, but I haven't found authoritative documentation of either hypothesis:

1. The differential update package contains a linear hash of the source partition. On the device, update_engine computes a SHA-256 hash of the entire partition on top of which the differential update is to be applied. It compares this value with the one provided as part of the update package and proceeds only if the two values agree.

2. The differential update package contains the dm-verity root hash of the Merkle-Tree used for block-wise validation with dm-verity. The update_engine compares this target root-hash with the one provided on the device in the vbmeta structure. Only if the two match, it proceeds to install the update.

Is either one of these hypotheses correct, or am I missing something? Similarly, how does the update_engine validate the target partitions once they have been written? Via a linear hash, or using the root hash? Or otherwise?

Asked by Ulrich Schuster (153 rep)
Nov 5, 2019, 01:10 PM
Last activity: Nov 16, 2019, 07:22 AM