diff --git a/README.md b/README.md
index f557fbb..37e4cb5 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,46 @@
-# uCore
+# uCore <!-- omit in toc -->
 
 [![stable](https://github.com/ublue-os/ucore/actions/workflows/build-stable.yml/badge.svg)](https://github.com/ublue-os/ucore/actions/workflows/build-stable.yml)
 [![testing](https://github.com/ublue-os/ucore/actions/workflows/build-testing.yml/badge.svg)](https://github.com/ublue-os/ucore/actions/workflows/build-testing.yml)
 
-## What is this?
+uCore is an OCI image of [Fedora CoreOS](https://getfedora.org/coreos/) with "batteries included". More specifically, it's an opinionated, custom CoreOS image, built daily with some common tools added in. The idea is to make a lightweight server image including commonly used services or the building blocks to host them.
 
-You should be familiar with [Fedora CoreOS](https://getfedora.org/coreos/), as this is an OCI image of CoreOS with "batteries included". More specifically, it's an opinionated, custom CoreOS image, built daily with some commonly used tools added in. The idea is to make a lightweight server image including most used services or the building blocks to host them.
+Please take a look at the included modifications, and help us improve uCore if the project interests you.
 
-Please take a look at the included modifications and help us test uCore if the project interests you.
+## Table of Contents <!-- omit in toc -->
 
-## Images & Features
+- [Features](#features)
+  - [Images](#images)
+    - [`fedora-coreos`](#fedora-coreos)
+    - [`ucore-minimal`](#ucore-minimal)
+    - [`ucore`](#ucore)
+    - [`ucore-hci`](#ucore-hci)
+  - [Tag Matrix](#tag-matrix)
+- [Installation](#installation)
+  - [Image Verification](#image-verification)
+  - [Auto-Rebase Install](#auto-rebase-install)
+  - [Manual Install/Rebase](#manual-installrebase)
+- [Tips and Tricks](#tips-and-tricks)
+  - [CoreOS and ostree Docs](#coreos-and-ostree-docs)
+  - [Immutability and Podman](#immutability-and-podman)
+  - [Default Services](#default-services)
+  - [SELinux Troubleshooting](#selinux-troubleshooting)
+  - [Docker/Moby and Podman](#dockermoby-and-podman)
+  - [Podman and FirewallD](#podman-and-firewalld)
+  - [Distrobox](#distrobox)
+  - [NAS - Storage](#nas---storage)
+    - [NFS](#nfs)
+    - [Samba](#samba)
+  - [SecureBoot w/ kmods](#secureboot-w-kmods)
+  - [NVIDIA](#nvidia)
+    - [Included Drivers](#included-drivers)
+    - [Other Drivers](#other-drivers)
+  - [ZFS](#zfs)
+    - [ZFS and immutable root filesystem](#zfs-and-immutable-root-filesystem)
+    - [Sanoid/Syncoid](#sanoidsyncoid)
+- [Metrics](#metrics)
+
+## Features
 
 The uCore project builds four images, each with different tags for different features.
 
@@ -27,23 +58,26 @@ The [tag matrix](#tag-matrix) includes combinations of the following:
 - `nvidia` - for an image which includes nvidia driver and container runtime
 - `zfs` - for an image which includes zfs driver and tools
 
+### Images
 
-### `fedora-coreos`
+#### `fedora-coreos`
 
-*NOTE: formerly named `fedora-coreos-zfs`, the previous version of the image did not offer the nvidia option. If on the previous image name, please update with `rpm-ostree rebase`.*
+> [!IMPORTANT]
+> This was previously named `fedora-coreos-zfs`, but that version of the image did not offer the nvidia option. If on the previous image name, please rebase with `rpm-ostree rebase`.
 
 A generic [Fedora CoreOS image](https://quay.io/repository/fedora/fedora-coreos?tab=tags) image with choice of add-on kernel modules:
 
 - [nvidia versions](#tag-matrix) add:
-  - [nvidia driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently version 535) built from negativo17's akmod package
+  - [nvidia driver](https://github.com/ublue-os/ucore-kmods) - latest driver built from negativo17's akmod package
   - [nvidia-container-toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/sample-workload.html) - latest toolkit which supports both root and rootless podman containers and CDI
   - [nvidia container selinux policy](https://github.com/NVIDIA/dgx-selinux/tree/master/src/nvidia-container-selinux) - allows using `--security-opt label=type:nvidia_container_t` for some jobs (some will still need `--security-opt label=disable` as suggested by nvidia)
 - [ZFS versions](#tag-matrix) add:
   - [ZFS driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently pinned to 2.2.x series)
 
-*NOTE: currently, zincati fails to start on systems with OCI based deployments (like uCore). Upstream efforts are active to correct this.*
+> [!NOTE]
+> zincati fails to start on all systems with OCI based deployments (like uCore). Upstream efforts are active to develop an alternative.
 
-### `ucore-minimal`
+#### `ucore-minimal`
 
 Suitable for running containerized workloads on either bare metal or virtual machines, this image tries to stay lightweight but functional.
 
@@ -59,21 +93,21 @@ Suitable for running containerized workloads on either bare metal or virtual mac
   - [tmux](https://github.com/tmux/tmux/wiki/Getting-Started)
   - udev rules enabling full functionality on some [Realtek 2.5Gbit USB Ethernet](https://github.com/wget/realtek-r8152-linux/) devices
 - Optional [nvidia versions](#tag-matrix) add:
-  - [nvidia driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently version 535) built from negativo17's akmod package
+  - [nvidia driver](https://github.com/ublue-os/ucore-kmods) - latest driver built from negativo17's akmod package
   - [nvidia-container-toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/sample-workload.html) - latest toolkit which supports both root and rootless podman containers and CDI
   - [nvidia container selinux policy](https://github.com/NVIDIA/dgx-selinux/tree/master/src/nvidia-container-selinux) - allows using `--security-opt label=type:nvidia_container_t` for some jobs (some will still need `--security-opt label=disable` as suggested by nvidia)
 - Optional [ZFS versions](#tag-matrix) add:
-  - [ZFS driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently pinned to 2.2.x series)
-  - [sanoid/syncoid dependencies](https://github.com/jimsalterjrs/sanoid) - [see below](#zfs) for details
-    - note: on `ucore-minimal` images, only `pv` is installed
+  - [ZFS driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently pinned to 2.2.x series) - [see below](#zfs) for details
+  - `pv` is installed with zfs as a complementary tool
 - Disables Zincati auto upgrade/reboot service
 - Enables staging of automatic system updates via rpm-ostreed
 - Enables password based SSH auth (required for locally running cockpit web interface)
 - Provides public key allowing [SecureBoot](#secureboot) (for ucore signed `nvidia` or `zfs` drivers)
 
-Note: per [cockpit instructions](https://cockpit-project.org/running.html#coreos) the cockpit-ws RPM is **not** installed, rather it is provided as a pre-defined systemd service which runs a podman container.
+> [!IMPORTANT]
+> Per [cockpit's instructions](https://cockpit-project.org/running.html#coreos) the cockpit-ws RPM is **not** installed, rather it is provided as a pre-defined systemd service which runs a podman container.
 
-### `ucore`
+#### `ucore`
 
 This image builds on `ucore-minimal` but adds drivers, storage tools and utilities making it more useful on bare metal or as a storage server (NAS).
 
@@ -90,8 +124,10 @@ This image builds on `ucore-minimal` but adds drivers, storage tools and utiliti
   - [samba](https://www.samba.org/) and samba-usershares to provide SMB sevices
   - [snapraid](https://www.snapraid.it/)
   - usbutils(and pciutils) - technically pciutils is pulled in by open-vm-tools in ucore-minimal
+- Optional [ZFS versions](#tag-matrix) add:
+  - [sanoid/syncoid dependencies](https://github.com/jimsalterjrs/sanoid) - [see below](#zfs) for details
 
-### `ucore-hci`
+#### `ucore-hci`
 
 Hyper-Coverged Infrastructure(HCI) refers to storage and hypervisor in one place... This image primarily adds libvirt tools for virtualization.
 
@@ -102,15 +138,85 @@ Hyper-Coverged Infrastructure(HCI) refers to storage and hypervisor in one place
   - [libvirt-daemon-kvm](https://libvirt.org/): libvirt KVM hypervisor management
   - virt-install: command-line utility for installing virtual machines
 
-Note: Fedora now uses `DefaultTimeoutStop=45s` for systemd services which could cause `libvirtd` to quit before shutting down slow VMs. Consider adding `TimeoutStopSec=120s` as an override for `libvirtd.service` if needed.
+> [!NOTE]
+> Fedora uses `DefaultTimeoutStop=45s` for systemd services which could cause `libvirtd` to quit before shutting down slow VMs. Consider adding `TimeoutStopSec=120s` as an override for `libvirtd.service` if needed.
+
+### Tag Matrix
+
+| IMAGE | TAG |
+|-|-|
+| [`fedora-coreos`](#fedora-coreos) - *stable* | `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
+| [`fedora-coreos`](#fedora-coreos) - *testing* | `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
+| [`ucore-minimal`](#ucore-minimal) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
+| [`ucore-mimimal`](#ucore-minimal) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
+| [`ucore`](#ucore) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
+| [`ucore`](#ucore) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
+| [`ucore-hci`](#ucore-hci) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
+| [`ucore-hci`](#ucore-hci) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
+
+## Installation
+
+**Please read the [CoreOS installation guide](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/)** before attempting installation. As uCore is an extension of CoreOS, it does not provide it's own custom or GUI installer.
+
+There are varying methods of installation for bare metal, cloud providers, and virtualization platforms.
+
+**All CoreOS installation methods require the user to [produce an Ignition file](https://docs.fedoraproject.org/en-US/fedora-coreos/producing-ign/).** This Ignition file should, at mimimum, set a password and SSH key for the default user (default username is `core`).
+
+> [!NOTE]
+> It is highly recommended that for bare metal installs, first test your ignition configuration by installing in a VM (or other test hardware) using the same bare metal process.
+
+### Image Verification
+
+These images are signed with sigstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You can verify the signature by running the following command:
+
+```bash
+cosign verify --key https://github.com/ublue-os/ucore/raw/main/cosign.pub ghcr.io/ublue-os/IMAGE:TAG
+```
+
+### Auto-Rebase Install
+
+One of the fastest paths to running uCore is using [examples/ucore-autorebase.butane](examples/ucore-autorebase.butane) as a template for your CoreOS butane file.
+
+1. As usual, you'll need to [follow the docs to setup a password](https://coreos.github.io/butane/examples/#using-password-authentication). Substitute your password hash for `YOUR_GOOD_PASSWORD_HASH_HERE` in the `ucore-autorebase.butane` file, and add your ssh pub key while you are at it.
+1. Generate an ignition file from your new `ucore-autorebase.butane` [using the butane utility](https://coreos.github.io/butane/getting-started/).
+1. Now install CoreOS for [hypervisor, cloud provider or bare-metal](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/). Your ignition file should work for any platform, auto-rebasing to the `ucore:stable` (or other `IMAGE:TAG` combo), rebooting and leaving your install ready to use.
+
+### Manual Install/Rebase
+
+Once a machine is running any Fedora CoreOS version, you can easily rebase to uCore.  Installing CoreOS itself can be done through [a number of provisioning methods](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/).
+
+To rebase an existing machine to the latest uCore:
+
+1. Execute the `rpm-ostree rebase` command (below) with desired `IMAGE` and `TAG`.
+1. Reboot, as instructed.
+1. After rebooting, you should [pin the working deployment](https://docs.fedoraproject.org/en-US/fedora-silverblue/faq/#_how_can_i_upgrade_my_system_to_the_next_major_version_for_instance_rawhide_or_an_upcoming_fedora_release_branch_while_keeping_my_current_deployment) which allows you to rollback if required.
+
+```bash
+sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/ublue-os/IMAGE:TAG
+```
+
+#### Verified Image Updates <!-- omit in toc -->
+
+The `ucore*` images include container policies to support image verification for improved trust of upgrades. Once running one of the `ucore*` images, the following command will rebase to the verified image reference:
+
+```bash
+sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/IMAGE:TAG
+```
+
+> [!NOTE]
+> This policy is not included with `fedora-coreos:*` as those images are kept very stock.*
 
 ## Tips and Tricks
 
+### CoreOS and ostree Docs
+
+It's a good idea to become familar with the [Fedora CoreOS Documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/) as well as the [CoreOS rpm-ostree docs](https://coreos.github.io/rpm-ostree/). Note especially, this image is only possible due to [ostree native containers](https://coreos.github.io/rpm-ostree/container/).
+
 ### Immutability and Podman
 
-These images are immutable and you probably shouldn't install packages like in a mutable "normal" distribution.
+A CoreOS root filesystem system is immutable at runtime, and it is not recommended to install packages like in a mutable "normal" distribution.
 
-Fedora CoreOS expects the user to run services using [podman](https://podman.io). `moby-engine`, the free Docker implementation, is installed for those who desire docker instead of podman.
+Fedora CoreOS expects the user to run services using [podman](https://podman.io). `moby-engine`, the free Docker implementation, is also installed for those who desire docker instead of podman.
 
 ### Default Services
 
@@ -122,13 +228,15 @@ To activate pre-installed services (`cockpit`, `docker`, `tailscaled`, etc):
 sudo systemctl enable --now SERVICENAME.service
 ```
 
-Note: `libvirtd` is enabled by default, but only starts when triggerd by it's socket (eg, using `virsh` or other clients).
+> [!NOTE]
+> The `libvirtd` is enabled by default, but only starts when triggerd by it's socket (eg, using `virsh` or other clients).
 
 ### SELinux Troubleshooting
 
 SELinux is an integral part of the Fedora Atomic system design. Due to a few interelated issues, if SELinux is disabled, it's difficult to re-enable.
 
-**We STRONGLY recommend: DO NOT DISABLE SELinux!**
+> [!WARNING]
+> **We STRONGLY recommend: DO NOT DISABLE SELinux!**
 
 Should you suspect that SELinux is causing a problem, it is easy to enable permissive mode at runtime, which will keep SELinux functioning, provide reporting of problems, but not enforce restrictions.
 
@@ -150,7 +258,10 @@ Fedora provides useful docs on [SELinux troubleshooting](https://docs.fedoraproj
 
 ### Docker/Moby and Podman
 
-NOTE: CoreOS [cautions against](https://docs.fedoraproject.org/en-US/fedora-coreos/faq/#_can_i_run_containers_via_docker_and_podman_at_the_same_time) running podman and docker containers at the same time.  Thus, `docker.socket` is disabled by default to prevent accidental activation of the docker daemon, given podman is the default.
+> [!IMPORTANT]
+> CoreOS [cautions against](https://docs.fedoraproject.org/en-US/fedora-coreos/faq/#_can_i_run_containers_via_docker_and_podman_at_the_same_time) running podman and docker containers at the same time.  Thus, `docker.socket` is disabled by default to prevent accidental activation of the docker daemon, given podman is the default.
+>
+> Ony run both simultaneously if you understand the risk.
 
 ### Podman and FirewallD
 
@@ -158,31 +269,28 @@ Podman and firewalld [can sometimes conflict](https://github.com/ublue-os/ucore/
 
 As of [netavark v1.9.0](https://blog.podman.io/2023/11/new-netavark-firewalld-reload-service/) a service is provided to handle re-adding netavark (Podman) firewall rules after a firewalld reload occurs.  If needed, enable like so: `systemctl enable netavark-firewalld-reload.service`
 
-
 ### Distrobox
 
 Users may use [distrobox](https://github.com/89luca89/distrobox) to run images of mutable distributions where applications can be installed with traditional package managers. This may be useful for installing interactive utilities such has `htop`, `nmap`, etc. As stated above, however, *services* should run as containers.
 
-### CoreOS and ostree Docs
-
-It's a good idea to become familar with the [Fedora CoreOS Documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/) as well as the [CoreOS rpm-ostree docs](https://coreos.github.io/rpm-ostree/). Note especially, this image is only possible due to [ostree native containers](https://coreos.github.io/rpm-ostree/container/).
-
 ### NAS - Storage
 
 `ucore` includes a few packages geared towards a storage server which will require individual research for configuration:
-  - [duperemove](https://github.com/markfasheh/duperemove)
-  - [mergerfs](https://github.com/trapexit/mergerfs)
-  - [snapraid](https://www.snapraid.it/)
+
+- [duperemove](https://github.com/markfasheh/duperemove)
+- [mergerfs](https://github.com/trapexit/mergerfs)
+- [snapraid](https://www.snapraid.it/)
 
 But two others are included, which though common, warrant some explanation:
-  - nfs-utils - replaces a "light" version typically in CoreOS to provide kernel NFS server
-  - samba and samba-usershares - to provide SMB sevices
+
+- nfs-utils - replaces a "light" version typically in CoreOS to provide kernel NFS server
+- samba and samba-usershares - to provide SMB sevices
 
 #### NFS
 
 It's suggested to read Fedora's [NFS Server docs](https://docs.fedoraproject.org/en-US/fedora-server/services/filesharing-nfs-installation/) plus other documentation to understand how to setup this service. But here's a few quick tips...
 
-##### Firewall
+##### Firewall - NFS <!-- omit in toc -->
 
 Unless you've disabled `firewalld`, you'll need to do this:
 
@@ -191,23 +299,26 @@ sudo firewall-cmd --permanent --zone=FedoraServer --add-service=nfs
 sudo firewall-cmd --reload
 ```
 
-##### SELinux
+##### SELinux - NFS <!-- omit in toc -->
 
 By default, nfs-server is blocked from sharing directories unless the context is set. So, generically to enable NFS sharing in SELinux run:
 
 For read-only NFS shares:
+
 ```bash
 sudo semanage fcontext --add --type "public_content_t" "/path/to/share/ro(/.*)?
 sudo restorecon -R /path/to/share/ro
 ```
 
 For read-write NFS shares:
+
 ```bash
 sudo semanage fcontext --add --type "public_content_rw_t" "/path/to/share/rw(/.*)?
 sudo restorecon -R /path/to/share/rw
 ```
 
 Say you wanted to share all home directories:
+
 ```bash
 sudo semanage fcontext --add --type "public_content_rw_t" "/var/home(/.*)?
 sudo restorecon -R /var/home
@@ -216,22 +327,24 @@ sudo restorecon -R /var/home
 The least secure but simplest way to let NFS share anything configured, is...
 
 For read-only:
+
 ```bash
 sudo setsebool -P nfs_export_all_ro 1
 ```
 
 For read-write:
+
 ```bash
 sudo setsebool -P nfs_export_all_rw 1
 ```
 
 There is [more to read](https://linux.die.net/man/8/nfs_selinux) on this topic.
 
-##### Shares
+##### Shares - NFS <!-- omit in toc -->
 
 NFS shares are configured in `/etc/exports` or `/etc/exports.d/*` (see docs).
 
-##### Run It
+##### Run It - NFS <!-- omit in toc -->
 
 Like all services, NFS needs to be enabled and started:
 
@@ -244,7 +357,7 @@ sudo systemctl status nfs-server.service
 
 It's suggested to read Fedora's [Samba docs](https://docs.fedoraproject.org/en-US/quick-docs/samba/) plus other documentation to understand how to setup this service. But here's a few quick tips...
 
-##### Firewall
+##### Firewall - Samba <!-- omit in toc -->
 
 Unless you've disabled `firewalld`, you'll need to do this:
 
@@ -253,7 +366,7 @@ sudo firewall-cmd --permanent --zone=FedoraServer --add-service=samba
 sudo firewall-cmd --reload
 ```
 
-##### SELinux
+##### SELinux - Samba <!-- omit in toc -->
 
 By default, samba is blocked from sharing directories unless the context is set. So, generically to enable samba sharing in SELinux run:
 
@@ -263,28 +376,31 @@ sudo restorecon -R /path/to/share
 ```
 
 Say you wanted to share all home directories:
+
 ```bash
 sudo semanage fcontext --add --type "samba_share_t" "/var/home(/.*)?
 sudo restorecon -R /var/home
 ```
 
 The least secure but simplest way to let samba share anything configured, is this:
+
 ```bash
 sudo setsebool -P samba_export_all_rw 1
 ```
 
 There is [much to read](https://linux.die.net/man/8/samba_selinux) on this topic.
 
-##### Shares
+##### Shares - Samba <!-- omit in toc -->
 
 Samba shares can be manually configured in `/etc/samba/smb.conf` (see docs), but user shares are also a good option.
 
 An example follows, but you'll probably want to read some docs on this, too:
+
 ```bash
 net usershare add sharename /path/to/share [comment] [user:{R|D|F}] [guest_ok={y|n}]
 ```
 
-##### Run It
+##### Run It - Samba <!-- omit in toc -->
 
 Like all services, Samba needs to be enabled and started:
 
@@ -293,15 +409,29 @@ sudo systemctl enable --now smb.service
 sudo systemctl status smb.service
 ```
 
+### SecureBoot w/ kmods
+
+For those wishing to use `nvidia` or `zfs` images with pre-built kmods AND run SecureBoot, the kernel will not load those kmods until the public signing key has been imported as a MOK (Machine-Owner Key).
+
+Do so like this:
+
+```bash
+sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der
+```
+
+The utility will prompt for a password. The password will be used to verify this key is the one you meant to import, after rebooting and entering the UEFI MOK import utility.
+
 ### NVIDIA
 
+#### Included Drivers
+
 If you installed an image with `-nvidia` in the tag, the nvidia kernel module, basic CUDA libraries, and the nvidia-container-toolkit are all are pre-installed.
 
 Note, this does NOT add desktop graphics services to your images, but it DOES enable your compatible nvidia GPU to be used for nvdec, nvenc, CUDA, etc. Since this is CoreOS and it's primarily intended for container workloads the [nvidia container toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) should be well understood.
 
-Note the included driver is the [latest nvidia driver](https://github.com/negativo17/nvidia-driver/blob/master/nvidia-driver.spec) as bundled by [negativo17](https://negativo17.org/nvidia-driver/). This package was chosen over rpmfusion's due to it's granular packages which allow us to install just the minimal `nvidia-driver-cuda` packages.
+The included driver is the [latest nvidia driver](https://github.com/negativo17/nvidia-driver/blob/master/nvidia-driver.spec) as bundled by [negativo17](https://negativo17.org/nvidia-driver/). This package was chosen over rpmfusion's due to it's granular packages which allow us to install just the minimal `nvidia-driver-cuda` packages.
 
-#### Other NVIDIA Drivers
+#### Other Drivers
 
 If you need an older (or different) driver, consider looking at the [container-toolkit-fcos driver](https://hub.docker.com/r/fifofonix/driver/). It provides pre-bundled container images with nvidia drivers for FCOS, allowing auto-build/loading of the nvidia driver IN podman, at boot, via a systemd service.
 
@@ -342,84 +472,12 @@ If you do forget to specify the mountpoint, or you need to change the mountpoint
 # zfs set mountpoint=/var/tank tank
 ```
 
-### Sanoid/Syncoid
+#### Sanoid/Syncoid
 
 sanoid/syncoid is a great tool for manual and automated snapshot/transfer of ZFS datasets. However, there is not a current stable RPM, rather they provide [instructions on installing via git](https://github.com/jimsalterjrs/sanoid/blob/master/INSTALL.md#centos).
 
 `ucore` has pre-install all the (lightweight) required dependencies (perl-Config-IniFiles perl-Data-Dumper perl-Capture-Tiny perl-Getopt-Long lzop mbuffer mhash pv), such that a user wishing to use sanoid/syncoid only need install the "sbin" files and create configuration/systemd units for it.
 
-### SecureBoot
-
-For those wishing to use `nvidia` or `zfs` images with pre-built kmods AND run SecureBoot, the kernel will not load those kmods until the public signing key has been imported as a MOK (Machine-Owner Key).
-
-Do so like this:
-```bash
-sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der
-```
-
-The utility will prompt for a password. The password will be used to verify this key is the one you meant to import, after rebooting and entering the UEFI MOK import utility.
-
-
-## How to Install
-
-### Prerequisites
-
-This image is not currently available for direct install. The user must follow the [CoreOS installation guide](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/). There are varying methods of installation for bare metal, cloud providers, and virtualization platforms.
-
-All CoreOS installation methods require the user to [produce an Ignition file](https://docs.fedoraproject.org/en-US/fedora-coreos/producing-ign/). This Ignition file should, at mimimum, set a password and SSH key for the default user (default username is `core`).
-
-### Install and Manually Rebase
-
-You can rebase any Fedora CoreOS x86_64 installation to uCore.  Installing CoreOS itself can be done through [a number of provisioning methods](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/).
-
-To rebase an Fedora CoreOS machine to the latest uCore (stable):
-
-1. Execute the `rpm-ostree rebase` command (below) with desired `IMAGE` and `TAG`.
-1. Reboot, as instructed.
-1. After rebooting, you should [pin the working deployment](https://docs.fedoraproject.org/en-US/fedora-silverblue/faq/#_how_can_i_upgrade_my_system_to_the_next_major_version_for_instance_rawhide_or_an_upcoming_fedora_release_branch_while_keeping_my_current_deployment) which allows you to rollback if required.
-
-```bash
-sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/ublue-os/IMAGE:TAG
-```
-
-#### Tag Matrix
-| IMAGE | TAG |
-|-|-|
-| [`fedora-coreos`](#fedora-coreos) - *stable* | `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
-| [`fedora-coreos`](#fedora-coreos) - *testing* | `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
-| [`ucore-minimal`](#ucore-minimal) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
-| [`ucore-mimimal`](#ucore-minimal) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
-| [`ucore`](#ucore) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
-| [`ucore`](#ucore) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
-| [`ucore-hci`](#ucore-hci) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
-| [`ucore-hci`](#ucore-hci) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
-
-
-#### Verified Image Updates
-
-This image now includes container policies to support image verification for improved trust of upgrades. Once running one of the `ucore*` images (not included in `fedora-coreos`), the following command will rebase to the verified image reference:
-
-```bash
-sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/IMAGE:TAG
-```
-
-
-### Install with Auto-Rebase
-
-Your path to a running uCore can be shortened by using [examples/ucore-autorebase.butane](examples/ucore-autorebase.butane) as the starting point for your CoreOS ignition file.
-
-1. As usual, you'll need to [follow the docs to setup a password](https://coreos.github.io/butane/examples/#using-password-authentication). Substitute your password hash for `YOUR_GOOD_PASSWORD_HASH_HERE` in the `ucore-autorebase.butane` file, and add your ssh pub key while you are at it.
-1. Generate an ignition file from your new `ucore-autorebase.butane` [using the butane utility](https://coreos.github.io/butane/getting-started/).
-1. Now install CoreOS for [hypervisor, cloud provider or bare-metal](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/). Your ignition file should work for any platform, auto-rebasing to the `ucore:stable` (or other `IMAGE:TAG` combo), rebooting and leaving your install ready to use.
-
-## Verification
-
-These images are signed with sigstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You can verify the signature by downloading the `cosign.pub` key from this repo and running the following command:
-
-```bash
-cosign verify --key cosign.pub ghcr.io/ublue-os/ucore
-```
-
 ## Metrics
 
 ![Alt](https://repobeats.axiom.co/api/embed/07d1ed133f5ed1a1048ea6a76bfe3a23227eedd5.svg "Repobeats analytics image")