Bootc is a system to boot regular container image as a full operating system, including a kernel. This gives an extremely flexibly and powerful mechanism to build, manage and deploy images to machines which reuses existing, known infrastructure and tools. However, to use this in embedded systems we also need to support for runtime validation of data (like dm-verity) and signatures (secureboot, android verified boot), which is not typically available for containers.

This talk will describe how technologies like bootc, composefs and ukiboot can be used to achive an end-to-end signed and verified boot, and demonstrate how this works in the automotive Linux platform we are building.