Feature Request
Resolution: Done
Critical
Product / Portfolio Work
1. Proposed title of this feature request
integrity protected root file system for PodVM using dm-verity
2. What is the nature and description of the request?
This Feature Request proposes implementing dm-verity in the Pod VM used by OpenShift sandboxed containers to secure the root file system with a cryptographically verified, read-only mechanism. dm-verity validates each disk block at access time, detecting unauthorized modifications immediately. This ensures that the Pod VM remains unaltered and supports secure remote attestation, even in environments where the underlying host may not be fully trusted. Note that we are looking to use composefs+fs-verity instead of dm-verity as it becomes available next year.
3. Why does the customer need this? (List the business requirements here)
- Maintain root file system integrity by detecting and preventing any unauthorized modification of the Pod VM image.
- Provide cryptographic evidence (e.g., root hash) for remote attestation of the Pod VM, meeting security and compliance requirements.
- Integrate seamlessly with the OpenShift sandboxed containers operator to manage the lifecycle of dm-verity–enabled Pod VMs.
4. List any affected packages or components.
OpenShift sandboxed containers operator, podvm payload
User Story
“As a security-conscious user of OpenShift sandboxed containers, I want the Pod VM to use dm-verity so that I can run my workloads in a verified, tamper-proof environment, ensuring end-to-end integrity for sensitive data and applications.”
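The per-block verification and root hash described in the request, shown as an added example that is not code from the request, the operator, or dm-verity itself. It models a dm-verity-style hash tree in memory; SHA-256, a prepended salt, 4096-byte blocks, and the names `build_tree`, `read_verified` and `VerityError` are assumptions for illustration, and the layout is not the on-disk format.

```python
import hashlib

BLOCK = 4096                               # data/hash block size (assumed)
DIGEST = hashlib.sha256().digest_size      # 32 bytes
FANOUT = BLOCK // DIGEST                   # 128 digests fit in one hash block

class VerityError(IOError):
    """Raised when a block does not chain to the trusted root hash."""

def _h(salt, block):
    return hashlib.sha256(salt + block).digest()

def _hash_block(level, index):
    """Pack the FANOUT digests around `index` into one zero-padded hash block."""
    start = index // FANOUT * FANOUT
    return b"".join(level[start:start + FANOUT]).ljust(BLOCK, b"\0")

def build_tree(image, salt):
    """Return (levels, root); levels[0] has one digest per data block."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK")
    level = [_h(salt, image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:                  # hash each hash block into the next level
        level = [_h(salt, _hash_block(level, i))
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels, level[0]

def read_verified(image, levels, salt, root, index):
    """Return data block `index`, checking it against `root` on every read.

    `image` and `levels` model untrusted storage; only `root` is trusted.
    """
    block = image[index * BLOCK:(index + 1) * BLOCK]
    if len(block) != BLOCK:
        raise VerityError("block out of range")
    digest = _h(salt, block)
    for level in levels:
        if index >= len(level) or level[index] != digest:
            raise VerityError("digest mismatch in hash tree")
        if len(level) == 1:                # reached the top of the tree
            break
        digest = _h(salt, _hash_block(level, index))
        index //= FANOUT
    if digest != root:
        raise VerityError("hash tree does not match trusted root hash")
    return block
```

Only the root hash has to be carried in trusted, attested state: rewriting the stored digests, or rebuilding the whole tree over a modified image, still fails the final comparison.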