Signing and verifying multi-architecture containers with Sigstore
Multi-architecture containers are magical to use—but a bit arcane to work with. Why does `docker pull python:3` grab only one architecture? How can we verify that the signed one is the one actually in use? In this talk, I’ll demystify the order of operations a runtime follows to resolve a container image. We’ll then dive into OCI manifests, image layers, and tags, and how those map to attached artifacts like SBOMs, attestations, and signatures. Using this info, we'll map out a couple of strategies for generating and verifying this material with Cosign regardless of the architecture we need to use. I’ll walk through real-world weirdness I’ve helped folks through while managing multi-arch images at scale, including how some registries and pull-through caches behave unexpectedly. This talk is for folks who use containers daily but want to lay the foundation for their software supply chain security.
Natalie Somersall
Principal Field Engineer, Public Sector @ Chainguard