diff --git a/osbase/oci/osimage/BUILD.bazel b/osbase/oci/osimage/BUILD.bazel
new file mode 100644
index 0000000..bfb8dd6
--- /dev/null
+++ b/osbase/oci/osimage/BUILD.bazel
@@ -0,0 +1,16 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "osimage",
+    srcs = [
+        "osimage.go",
+        "types.go",
+    ],
+    importpath = "source.monogon.dev/osbase/oci/osimage",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//osbase/oci",
+        "//osbase/structfs",
+        "@com_github_klauspost_compress//zstd",
+    ],
+)
diff --git a/osbase/oci/osimage/osimage.go b/osbase/oci/osimage/osimage.go
new file mode 100644
index 0000000..30a88ae
--- /dev/null
+++ b/osbase/oci/osimage/osimage.go
@@ -0,0 +1,190 @@
+// Copyright The Monogon Project Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package osimage allows reading OS images represented as OCI artifacts, and
+// contains the types for the OS image config.
+package osimage
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/klauspost/compress/zstd"
+
+	"source.monogon.dev/osbase/oci"
+	"source.monogon.dev/osbase/structfs"
+)
+
+// Image represents an OS image.
+type Image struct {
+	// Config contains the parsed config.
+	Config *Config
+	// RawConfig contains the bytes of the config.
+	RawConfig []byte
+
+	image *oci.Image
+}
+
+// Read reads the config from an OCI image and returns an [Image].
+func Read(image *oci.Image) (*Image, error) {
+	manifest := image.Manifest
+	if manifest.ArtifactType != ArtifactTypeOSImage {
+		return nil, fmt.Errorf("unexpected manifest artifact type %q", manifest.ArtifactType)
+	}
+	if manifest.Config.MediaType != MediaTypeOSImageConfig {
+		return nil, fmt.Errorf("unexpected config media type %q", manifest.Config.MediaType)
+	}
+
+	// Read the config.
+	rawConfig, err := image.ReadBlobVerified(&manifest.Config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read config: %w", err)
+	}
+	config := &Config{}
+	err = json.Unmarshal(rawConfig, &config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse config: %w", err)
+	}
+	if config.FormatVersion != ConfigVersion {
+		return nil, fmt.Errorf("unsupported config version %q", config.FormatVersion)
+	}
+	if len(config.Payloads) != len(manifest.Layers) {
+		return nil, fmt.Errorf("number of layers %d does not match number of payloads %d", len(manifest.Layers), len(config.Payloads))
+	}
+	for i := range config.Payloads {
+		payload := &config.Payloads[i]
+		if payload.Size < 0 {
+			return nil, fmt.Errorf("payload %q has negative size", payload.Name)
+		}
+		if payload.HashChunkSize <= 0 {
+			return nil, fmt.Errorf("payload %q has invalid chunk size %d", payload.Name, payload.HashChunkSize)
+		}
+		if payload.HashChunkSize > 16*1024*1024 {
+			return nil, fmt.Errorf("payload %q has too large chunk size %d", payload.Name, payload.HashChunkSize)
+		}
+		chunks := payload.Size / payload.HashChunkSize
+		if chunks*payload.HashChunkSize < payload.Size {
+			chunks++
+		}
+		if int64(len(payload.ChunkHashesSHA256)) != chunks {
+			return nil, fmt.Errorf("payload %q has %d chunks but %d chunk hashes", payload.Name, chunks, len(payload.ChunkHashesSHA256))
+		}
+	}
+
+	osImage := &Image{
+		Config:    config,
+		RawConfig: rawConfig,
+		image:     image,
+	}
+	return osImage, nil
+}
+
+// Payload returns the contents of the payload of the given name.
+// All data is verified against hashes in the config before it is returned.
+func (i *Image) Payload(name string) (structfs.Blob, error) {
+	for pi := range i.Config.Payloads {
+		info := &i.Config.Payloads[pi]
+		if info.Name == name {
+			layer := &i.image.Manifest.Layers[pi]
+			blob := &payloadBlob{
+				raw:       i.image.StructfsBlob(layer),
+				mediaType: layer.MediaType,
+				info:      info,
+			}
+			return blob, nil
+		}
+	}
+	return nil, fmt.Errorf("payload %q not found", name)
+}
+
+type payloadBlob struct {
+	raw       structfs.Blob
+	mediaType string
+	info      *PayloadInfo
+}
+
+func (b *payloadBlob) Open() (io.ReadCloser, error) {
+	blobReader, err := b.raw.Open()
+	if err != nil {
+		return nil, err
+	}
+	reader := &payloadReader{
+		chunkHashes: b.info.ChunkHashesSHA256,
+		blobReader:  blobReader,
+		remaining:   b.info.Size,
+		buf:         make([]byte, b.info.HashChunkSize),
+	}
+	switch b.mediaType {
+	case MediaTypePayloadUncompressed:
+		reader.uncompressed = blobReader
+	case MediaTypePayloadZstd:
+		reader.zstdDecoder, err = zstd.NewReader(blobReader)
+		if err != nil {
+			blobReader.Close()
+			return nil, fmt.Errorf("failed to create zstd decoder: %w", err)
+		}
+		reader.uncompressed = reader.zstdDecoder
+	default:
+		blobReader.Close()
+		return nil, fmt.Errorf("unsupported media type %q", b.mediaType)
+	}
+	return reader, nil
+}
+
+func (b *payloadBlob) Size() int64 {
+	return b.info.Size
+}
+
+type payloadReader struct {
+	chunkHashes  []string
+	blobReader   io.ReadCloser
+	zstdDecoder  *zstd.Decoder
+	uncompressed io.Reader
+	remaining    int64  // number of bytes remaining in uncompressed
+	buf          []byte // buffer of chunk size
+	available    []byte // bytes available for reading in the last read chunk
+}
+
+func (r *payloadReader) Read(p []byte) (n int, err error) {
+	if len(r.available) != 0 {
+		n = copy(p, r.available)
+		r.available = r.available[n:]
+		return
+	}
+	if r.remaining == 0 {
+		err = io.EOF
+		return
+	}
+	chunkLen := min(r.remaining, int64(len(r.buf)))
+	chunk := r.buf[:chunkLen]
+	_, err = io.ReadFull(r.uncompressed, chunk)
+	if err != nil {
+		if err == io.EOF {
+			err = io.ErrUnexpectedEOF
+		}
+		r.remaining = 0
+		return
+	}
+	chunkHashBytes := sha256.Sum256(chunk)
+	chunkHash := base64.RawStdEncoding.EncodeToString(chunkHashBytes[:])
+	if chunkHash != r.chunkHashes[0] {
+		err = fmt.Errorf("payload failed verification against chunk hash, expected %q, got %q", r.chunkHashes[0], chunkHash)
+		r.remaining = 0
+		return
+	}
+	r.chunkHashes = r.chunkHashes[1:]
+	r.remaining -= chunkLen
+	n = copy(p, chunk)
+	r.available = chunk[n:]
+	return
+}
+
+func (r *payloadReader) Close() error {
+	if r.zstdDecoder != nil {
+		r.zstdDecoder.Close()
+	}
+	return r.blobReader.Close()
+}
diff --git a/osbase/oci/osimage/types.go b/osbase/oci/osimage/types.go
new file mode 100644
index 0000000..d81d759
--- /dev/null
+++ b/osbase/oci/osimage/types.go
@@ -0,0 +1,42 @@
+// Copyright The Monogon Project Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package osimage
+
+// Media types which appear in the OCI image manifest.
+const (
+	ArtifactTypeOSImage          = "application/vnd.monogon.os.image.v1"
+	MediaTypeOSImageConfig       = "application/vnd.monogon.os.image.config.v1+json"
+	MediaTypePayloadUncompressed = "application/octet-stream"
+	MediaTypePayloadZstd         = "application/zstd"
+)
+
+// ConfigVersion is the current version in [Config.FormatVersion].
+const ConfigVersion = "1"
+
+// Config contains metadata of an OS image.
+type Config struct {
+	// FormatVersion should be incremented when making breaking changes to the
+	// image format. Readers must stop when they see an unknown version.
+	FormatVersion string `json:"format_version"`
+	// Payloads describes the payloads contained in the image. It has the same
+	// length and order as the layers list in the image manifest.
+	Payloads []PayloadInfo `json:"payloads"`
+}
+
+type PayloadInfo struct {
+	// Name of this payload, for example "system" or "kernel.efi". Must consist of
+	// at least one and at most 80 characters in the set [0-9A-Za-z._-], and may
+	// not start with [._] or end with [.]. Each name must be unique.
+	Name string `json:"name"`
+	// Size is the uncompressed size in bytes of the payload.
+	Size int64 `json:"size"`
+	// HashChunkSize is the size of each hash chunk, except for the last chunk
+	// which may be smaller.
+	HashChunkSize int64 `json:"hash_chunk_size"`
+	// ChunkHashesSHA256 contains the sha256 hash of each chunk. Chunks are
+	// obtained by dividing the uncompressed payload into chunks of size
+	// HashChunkSize, with the last chunk containing the remainder.
+	// Hashes are encoded as base64 without padding.
+	ChunkHashesSHA256 []string `json:"chunk_hashes_sha256"`
+}