diff --git a/pkg/oci/layout_test.go b/pkg/oci/layout_test.go
index fa40a2a..12feb93 100644
--- a/pkg/oci/layout_test.go
+++ b/pkg/oci/layout_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/docker/attest/pkg/mirror"
 	"github.com/docker/attest/pkg/oci"
 	"github.com/docker/attest/pkg/policy"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -18,6 +19,11 @@ func TestAttestationFromOCILayout(t *testing.T) {
 	ctx, signer := test.Setup(t)
 	outputLayout := test.CreateTempDir(t, "", "attest-oci-layout")
 
+	invalidPlatform := &v1.Platform{
+		Architecture: "invalid",
+		OS:           "invalid",
+	}
+
 	opts := &attestation.SigningOptions{}
 	attIdx, err := oci.IndexFromPath(oci.UnsignedTestImage)
 	require.NoError(t, err)
@@ -26,16 +32,38 @@ func TestAttestationFromOCILayout(t *testing.T) {
 	signedIndex := attIdx.Index
 	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)
 	require.NoError(t, err)
-
 	spec, err := oci.ParseImageSpec(oci.LocalPrefix + outputLayout)
 	require.NoError(t, err)
 	err = mirror.SaveIndex([]*oci.ImageSpec{spec}, signedIndex, outputLayout)
 	require.NoError(t, err)
 
-	resolver, err := policy.CreateImageDetailsResolver(spec)
-	require.NoError(t, err)
-	desc, err := resolver.ImageDescriptor(ctx)
-	require.NoError(t, err)
-	digest := desc.Digest.String()
-	assert.True(t, strings.Contains(digest, "sha256:"))
+	testCases := []struct {
+		name     string
+		platform *v1.Platform
+		errorStr string
+	}{
+		{name: "nominal", platform: spec.Platform},
+		{name: "invalid platform", platform: invalidPlatform, errorStr: "platform not found in index"},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			spec := &oci.ImageSpec{
+				Type:       oci.OCI,
+				Identifier: outputLayout,
+				Platform:   tc.platform,
+			}
+			resolver, err := policy.CreateImageDetailsResolver(spec)
+			if tc.errorStr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tc.errorStr)
+				return
+			}
+			require.NoError(t, err)
+			desc, err := resolver.ImageDescriptor(ctx)
+			require.NoError(t, err)
+			digest := desc.Digest.String()
+			assert.True(t, strings.Contains(digest, "sha256:"))
+		})
+	}
 }