verified boot improvements

Daniel Micay 2023-01-31 15:51:56 -05:00
parent ae21d7f1e6
commit 698c766c49

@ -672,6 +672,9 @@
<li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to APK-based system components (this was a minor security feature that's being replaced with our recent and ongoing improvements to package manager and verified boot security to close major weaknesses in the standard Android verified boot security model)</li> <li>SELinux policy: drop base OS apk_data_file restrictions to avoid blocking out-of-band updates to APK-based system components (this was a minor security feature that's being replaced with our recent and ongoing improvements to package manager and verified boot security to close major weaknesses in the standard Android verified boot security model)</li>
<li>remove unnecessary warning for failed virtual A/B sideloaded updates since it's atomic just like A/B updates</li> <li>remove unnecessary warning for failed virtual A/B sideloaded updates since it's atomic just like A/B updates</li>
<li>drop our extension to the install available apps feature making it work for apps not installed in Owner since this is risky in a situation where there are actually separate people using secondary users and while we want to provide this feature, we'd need to come up with a way to address this to add it back</li> <li>drop our extension to the install available apps feature making it work for apps not installed in Owner since this is risky in a situation where there are actually separate people using secondary users and while we want to provide this feature, we'd need to come up with a way to address this to add it back</li>
<li>disable package parser cache since it provides a verified boot bypass for system component updates for regular boots while not saving more than around a second of boot time</li>
<li>perform additional boot-time checks on system package updates in order to extend verified boot to out-of-band system package updates</li>
<li>reimplement requiring fs-verity when installing system package updates in a better way</li>
</ul> </ul>
</article> </article>
--> -->
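
Review bot: The third added entry, "reimplement requiring fs-verity when installing system package updates in a better way", does not say what changed, so a reader of the release notes cannot tell how the enforcement differs from before; suggest replacing "in a better way" with a short description of the new approach. The first added entry would also benefit from a few words on how the package parser cache lets a system component update bypass verified boot on regular boots, since that is the security-relevant claim of the change. The trailing `-->` after `</article>` suggests these items sit inside a commented-out block, so confirm they are carried over when the release entry is published.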