# Security & Threat Model

- Integrity only (no authenticity of identity unless a cert is used).

- Attackers who alter bytes will fail verification.

- Limitations: replacement with a different image + new manifest if not access-controlled.

- TODO: signatures with real certs; edge-signed manifests.