diff --git a/storage/storage_dest.go b/storage/storage_dest.go
index d9cf8f337..4c62e2ef4 100644
--- a/storage/storage_dest.go
+++ b/storage/storage_dest.go
@@ -993,12 +993,27 @@ func (s *storageImageDestination) createNewLayer(index int, layerDigest digest.D
 				return nil, err
 			}
 
+			// FIXME: Should we insist on UncompressedDigest being always set, and hard fail otherwise??
 			untrustedUncompressedDigest = d
 			// While the contents of the digest are untrusted, make sure at least the _format_ is valid,
 			// because we are going to write it to durable storage in expectedLayerDiffIDFlag .
 			if err := untrustedUncompressedDigest.Validate(); err != nil {
 				return nil, err
 			}
+		} else {
+			// FIXME: Clean up. Maybe the generic code can provide us the config earlier?
+			// FIXME: Always enforce this for all layers??!
+			d, err := s.untrustedLayerDiffID(index)
+			if err != nil {
+				if errors.Is(err, errUntrustedLayerDiffIDNotYetAvailable) {
+					logrus.Debugf("Skipping commit for layer %q, manifest not yet available", newLayerID)
+					return nil, nil
+				}
+				return nil, err
+			}
+			if diffOutput.UncompressedDigest != d {
+				return nil, fmt.Errorf("uncompressed digest inconsistency for layer %d: config %q vs. computed %q", index, d, diffOutput.UncompressedDigest)
+			}
 		}
 
 		flags := make(map[string]interface{})