Container Linux by CoreOS ships dm-verity, a technology that builds on trusted boot and secure boot to make it impossible for attackers to modify the underlying filesystem containing the OS. This security mechanism is enabled by default, helping ensure that the whole system is in a trustworthy state.
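How the integrity check behind this works, as an added example that is not CoreOS or kernel code: dm-verity hashes every block of the read-only device into a hash tree and trusts only the root hash. The Python below is a simplified model (no salt, no on-disk superblock; the sample image and all function names are constructed for illustration) showing that a modified block fails verification even if the stored tree is rewritten to match it.

```python
import hashlib

BLOCK = 4096                 # data and hash block size (dm-verity's default)
FANOUT = BLOCK // 32         # SHA-256 digests that fit in one hash block

def _h(data):
    return hashlib.sha256(data).digest()

def hash_block(digests):
    """Pack child digests into one zero-padded hash block."""
    return b"".join(digests).ljust(BLOCK, b"\0")

def build_tree(image):
    """Return hash levels: levels[0] = per-block digests, levels[-1] = [root]."""
    level = [_h(image[i:i + BLOCK].ljust(BLOCK, b"\0"))
             for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [_h(hash_block(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels

def verify_read(block, index, levels, trusted_root):
    """Check one block read from disk against the stored (untrusted) tree,
    walking up until the result can be compared with the trusted root hash."""
    digest = _h(block.ljust(BLOCK, b"\0"))
    for level in levels[:-1]:
        if level[index] != digest:        # stored hash disagrees with the data
            return False
        index //= FANOUT                  # move to the parent hash block
        digest = _h(hash_block(level[index * FANOUT:(index + 1) * FANOUT]))
    return digest == trusted_root         # only the root is trusted

def make_image(blocks=300):
    """Constructed sample 'filesystem': 300 distinct 4 KiB blocks."""
    return b"".join(i.to_bytes(2, "big") * (BLOCK // 2) for i in range(blocks))

def demo():
    image = make_image()
    levels = build_tree(image)
    root = levels[-1][0]                  # in practice supplied by the verified boot chain
    good = image[5 * BLOCK:6 * BLOCK]
    evil = b"X" + good[1:]                # one byte changed in block 5
    forged = build_tree(image[:5 * BLOCK] + evil + image[6 * BLOCK:])
    return (verify_read(good, 5, levels, root),   # untouched block
            verify_read(evil, 5, levels, root),   # data changed, tree untouched
            verify_read(evil, 5, forged, root))   # data and tree both rewritten

if __name__ == "__main__":
    print(demo())
```

The third case is why the root hash has to come from the trusted boot path rather than from the disk being checked.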
A core part of Container Linux is the automated image-based update strategy. Each Container Linux install has three partitions that are used by the OS: