openshift · mburke5678 · Jan 15, 2026 · Jan 15, 2026 · Jan 16, 2026 · Jan 16, 2026
diff --git a/modules/rn-ocp-release-notes-known-issues.adoc b/modules/rn-ocp-release-notes-known-issues.adoc
@@ -4,8 +4,20 @@
 
 This section includes several known issues for {product-title} {product-version}.
 
-////
-Instructions: Add entries in the following format:
+* If you mirror the {product-title} release images to the registry of a disconnected environment by using the `oc adm release mirror` command, the release image Sigstore signature is not mirrored with the image. 
++
+This is an issue in {product-title} {product-version}, because the `openshift` cluster image policy is deployed by default to the cluster, which causes CRI-O to automatically verify the Sigstore signature when pulling images into a cluster.
++
+In the absence of the Sigstore signature, after updating to {product-title} {product-version} on a disconnected environment, future Cluster Version Operator pods might fail to run.  You can avoid this problem by installing the oc-mirror plugin v2  and using the `oc mirror` command to again mirror the {product-title} release image. The oc-mirror plugin v2 mirrors both the release image and its Sigstore signature to a disconnected environment.
-In the absence of the Sigstore signature, after updating to {product-title} {product-version} on a disconnected environment, future Cluster Version Operator pods might fail to run.  You can avoid this problem by installing the oc-mirror plugin v2  and using the `oc mirror` command to again mirror the {product-title} release image. The oc-mirror plugin v2 mirrors both the release image and its Sigstore signature to a disconnected environment.
+In the absence of the Sigstore signature, after updating to {product-title} {product-version} on a disconnected environment, future Cluster Version Operator pods might fail to run.  You can avoid this problem by installing the oc-mirror plugin v2 and using the `oc mirror` command to again mirror the {product-title} release image. The oc-mirror plugin v2 mirrors both the release image and its Sigstore signature to a disconnected environment.
-In the absence of the Sigstore signature, after updating to {product-title} {product-version} on a disconnected environment, future Cluster Version Operator pods might fail to run.  You can avoid this problem by installing the oc-mirror plugin v2  and using the `oc mirror` command to again mirror the {product-title} release image. The oc-mirror plugin v2 mirrors both the release image and its Sigstore signature to a disconnected environment.
+In the absence of the Sigstore signature, after updating to {product-title} {product-version} on a disconnected environment, future Cluster Version Operator pods might fail to run.  You can avoid this problem by installing the oc-mirror plugin v2 and using the `oc mirror` command to again mirror the {product-title} release image. The oc-mirror plugin v2 mirrors both the release image and its Sigstore signature to a disconnected environment.
++
+If you cannot use the oc-mirror plugin v2, you can use the `oc image mirror` command to mirror the Sigstore signature into your mirror registry by using a command similar to the following:
++
+[source,terminal]
+----
+$ oc image mirror "quay.io/openshift-release-dev/ocp-release:${RELEASE_DIGEST}.sig" "${LOCAL_REGISTRY}/${LOCAL_RELEASE_IMAGES_REPOSITORY}:${RELEASE_DIGEST}.sig"
+----
+where: 
 
-* Issue description (ex: * There is a known issue with ...)
-////
+`RELEASE_DIGEST:: Specifies your digest image with the `:` character replaced by a `-` character. For example: `sha256:884e1ff5effeaa04467fab9725900e7f0ed1daa89a7734644f14783014cebdee` becomes `sha256-884e1ff5effeaa04467fab9725900e7f0ed1daa89a7734644f14783014cebdee.sig`.
+
+For information on the oc-mirror v2 plugin, see _Mirroring images for a disconnected installation by using the oc-mirror plugin v2_.