diff --git a/deploy/DNS.md b/deploy/DNS.md
index e9cc0a7a15..46bbc171a8 100644
--- a/deploy/DNS.md
+++ b/deploy/DNS.md
@@ -14,7 +14,7 @@ Before deploying NICo, you must configure DNS A records that resolve each `.nico
 |---|---|---|---|---|---|
 | `nico-api.nico` | 443 | gRPC / TLS | DPU agents, admin CLI, PXE service, DHCP plugin, FMDS, health probe | `nico-api` pod | NICo gRPC API |
 | `nico-pxe.nico` | 80 | HTTP | DPU agents, iPXE clients | `nico-pxe` pod | iPXE scripts, cloud-init payloads, boot artifacts, internal APT |
-| `nico-static-pxe.nico` | 80 | HTTP | Host PXE loader (scout) | `nico-static-pxe` pod | Static boot files: `scout.cpio.zst`, `scout.efi`, BFB images |
+| `nico-static-pxe.nico` | 80 | HTTP | Host PXE loader (scout) | `nico-static-pxe` pod | Static boot files: `scout.squashfs`, `scout.efi`, BFB images |
 | `nico-ntp.nico` | 123 | UDP (NTP) | DPU agents, managed hosts (DHCP option 42) | `nico-ntp` pods | NTP time synchronisation |
 | `unbound.nico` | 53 | UDP / TCP (DNS) | DPU agents, managed hosts (DHCP option 6) | `nico-unbound` pod | Site-local recursive DNS resolver |
 | `otel-receiver.nico` | 443 | gRPC / TLS (OTLP) | DPU otel-collector sidecars | otel-receiver service | OpenTelemetry ingestion endpoint |
@@ -71,7 +71,7 @@ Serves dynamic per-machine iPXE boot scripts, cloud-init payloads, boot artifact
 Serves pre-built, version-controlled boot assets used during host bring-up. Unlike `nico-pxe.nico`, content here is static rather than dynamically generated per machine.
 
 **Consumers:**
-- Scout host PXE loader — downloads `scout.cpio.zst` (the initramfs), `scout.efi`, and BFB images used during host network boot and DPU firmware provisioning
+- Scout host PXE loader — downloads `scout.squashfs` (the initramfs), `scout.efi`, and BFB images used during host network boot and DPU firmware provisioning
 
 **Configurability:** The URL is hardcoded in host boot shell scripts (`pxe/common_files/scout-loader-rclocal`, `pxe/common_files/check-scout-updates.sh`) that are embedded in boot images at build time. The server-side deployment can set `NICO_STATIC_PXE_URL` to override the URL used by the PXE service, but the embedded client scripts that run on hosts **cannot be reconfigured at runtime**.
 
diff --git a/deploy/files/unbound/local_data.conf b/deploy/files/unbound/local_data.conf
index e2213b7343..3876cfc542 100644
--- a/deploy/files/unbound/local_data.conf
+++ b/deploy/files/unbound/local_data.conf
@@ -11,7 +11,7 @@ server:
     local-data: "nico-pxe.nico 300 IN A {{ NICO_PXE_IP }}"
 
     # nico-static-pxe.nico — Static boot asset server
-    # Port 80 (HTTP). Accessed by the host scout PXE loader for scout.cpio.zst,
+    # Port 80 (HTTP). Accessed by the host scout PXE loader for scout.squashfs,
     # scout.efi, and BFB images.
     # WARNING: hardcoded in pxe/common_files/scout-loader-rclocal and
     #          pxe/common_files/check-scout-updates.sh
diff --git a/docs/getting-started/installation-options/day0-ip-network-config.md b/docs/getting-started/installation-options/day0-ip-network-config.md
index 34b325efe4..7ce9a4b71b 100644
--- a/docs/getting-started/installation-options/day0-ip-network-config.md
+++ b/docs/getting-started/installation-options/day0-ip-network-config.md
@@ -288,7 +288,7 @@ The required A records (shown for `.forge`; substitute `.nico` if your binaries
 |---|---|---|---|---|
 | `carbide-api.forge` | 443 | `carbide-api` external LoadBalancer VIP | NICo gRPC API | Yes — `NICO_API_URL` env var on most clients |
 | `carbide-pxe.forge` | 80 | `carbide-pxe` LoadBalancer VIP | iPXE scripts, cloud-init, internal APT, TLS root CA | **No** — hardcoded in the compiled DPU agent |
-| `carbide-static-pxe.forge` | 80 | Static PXE asset server VIP | `scout.cpio.zst`, `scout.efi`, BFB images, and other static boot artifacts | **No** — hardcoded in the host boot scripts that ship inside boot images |
+| `carbide-static-pxe.forge` | 80 | Static PXE asset server VIP | `scout.squashfs`, `scout.efi`, BFB images, and other static boot artifacts | **No** — hardcoded in the host boot scripts that ship inside boot images |
 | `carbide-ntp.forge` | 123 | Operator-supplied NTP server IP(s) — the record points at your existing NTP infrastructure, not a NICo-deployed service | NTP time sync; agent reads this and re-advertises via DHCP option 42 | **No** — hostname is hardcoded in the compiled DPU agent; multiple A records recommended |
 | `unbound.forge` | 53 | `unbound` LoadBalancer VIP | Recursive DNS resolver | Yes — the resolver address itself is distributed via DHCP option 6 |
 | `otel-receiver.forge` | 443 | OTel receiver VIP on the site controller | OTLP ingestion endpoint for DPU otel-collector sidecars | Yes — set in the otel-collector configuration YAML and re-deployed |