Magisk is a great and clever program. Still, it has to go through a lot of machinations to make its magic work. Try doing a "mount" command and see all the stuff that it has to jimmy up to make things work. Maybe the performance hit is not bad, but still...
It is possible to just make the mods that you want without Magisk. This will require you to make a full, binary backup of /vendor and /system so that when Onyx releases an incremental update it will recognize those two partitions as "virgin". Of course, retaining the last non-incremental update and fudging the script or build dates will allow you to downgrade then upgrade.
The system partition is verified against a hash tree when loading, so we want to get rid of verification. The system partition is loaded from /vendor/etc/fstab.qcom That is also verified against a hash tree when loading so we want to get rid of
that verification. The vendor partition is loaded from the dtb that is stuck on the kernel in the boot partition.
So, we have to:
- Modify the dtb in boot so that the flags "wait,verify" are changed to "wait"
- Modify /vendor/etc/fstab.qcom so that the flags "wait,verify" are changed to "wait"
Are we there yet? Almost.
The two partitions vendor and system are protected by error correction. Android will attempt to correct any changes you make to those two partitions. We have to get rid of that too. The last 4096 block in each partition contains two copies of the FEC header. We can just zero those out.
So now you have a system where these two partitions are normally only mounted read-only, but could be modified externally. If you have a rooted recovery you can make your desired changes and reboot to the main system.
To be continued...