Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guarenteeing that every byte of every file is verified on load. This is done, similar to Git, using only hashes. This means that the signature on the UKI effectively signs the whole tree.

With composefs, file content is split from the metadata which enables de-duplication at the file level. We can thus host any number of OS images on a single filesystem and there is no need to reserve space on the system in advance for each image. This frees us from fixed size disk image formats such as dm-verity which is used in a lot of image based systems.

We illustrate this architecture by building an OS image using an OCI container via the familiar Containerfile syntax, then pushing it to a container registry and finally deploying it on a system.