How to properly ENABLE dm-verity and FEC for /system on Motorola X4 with LineageOS 17.1?

I have built LineageOS 17.1 for Motorola X4 / payton with unlocked bootloader with reverted commit 81cc203c06596878d2beb62ab6e07f36e278018e . The common question is how to disable dm-verity, but I want to know how to properly enable it for /system . The vendor partition is called oem on Motorola. AVB was deactivated (the device is missing *fastboot flash avb_custom_key* but has a vbmeta_a/b partition?) During build these options were set: PRODUCT_SUPPORTS_BOOT_SIGNER := true PRODUCT_SUPPORTS_VERITY := true PRODUCT_SUPPORTS_VERITY_FEC := true I checked *system.img* and *vendor.img* with verity_verifier script and the *verity_key* and it outputs VERIFIED. I flashed boot, vendor and system to the corresponding partitions. */verity_key* is inside the *boot.img*. The boot cmdline contains *androidboot.veritymode=eio* and *veritykeyid=id:47b1fe9xxxxxx*. *The boot.img* only contains recovery.fstab, verify option is set there, too. adb enable-verity is succesful for / and for /vendor. */vendor/etc/fstab.qcom* contains the verify option for system and vendor partition. The following obversations were made: - During boot I see a message "Verity mode is set to disable". What is this referring to? - Modifiying data (*touch test*) on the vendor/oem partition from Lineage Recovery results in the errors being corrected by FEC, messages shown from dmesg after next boot: > [ 3.023786] init: [libfs_mgr]Enabling dm-verity for vendor (mode 0) > [ 3.175842] device-mapper: verity-fec: 259:31: FEC 0: corrected 21 errors > [ 3.257369] device-mapper: verity-fec: 259:31: FEC 4096: corrected 17 errors > [...] The created file *test* vanishes after boot. - Modifying data on the system partition from Lineage Recovery is not corrected by FEC and no messages show up. The created file *test* is visible on the partition after next boot. - There is no difference between locked and unlocked bootloader (*fastboot flash lock*). What am I missing here?