We do the signature verification alongside the pull path when it gets invoked from the kubelet, but not for the actual mount on container creation. I think we should also enforce the signature validation for image volumes in that place.
What are your thoughts, @cri-o/cri-o-maintainers?