diff --git a/man/ukify.xml b/man/ukify.xml
index 9262ae34b2..0f953cd94d 100644
--- a/man/ukify.xml
+++ b/man/ukify.xml
@@ -45,11 +45,19 @@
Descriptionukify is a tool whose primary purpose is to combine components (usually a
- kernel, an initrd, and a UEFI boot stub) to create a
- Unified Kernel Image (UKI)
- — a PE binary that can be executed by the firmware to start the embedded linux kernel.
- See systemd-stub7
- for details about the stub.
+ kernel, an initrd, and the
+ systemd-stub7 UEFI
+ stub) to create a Unified
+ Kernel Image (UKI) — a single PE binary that boots the system. When the UKI is executed, the stub
+ extracts and boots the embedded linux kernel. The UKI can be started directly by the firmware or through
+ a boot loader. When used with qemu, a UKI can also
+ be executed through "direct kernel boot", see example below.
+
+ ukify can also be used generate other types of UKI-like images, in particular
+ extensions. See the description of the build verb below. ukify can
+ also generate certificates and keys for SecureBoot and PCR signing, see the description of the
+ genkey verb below. ukify can also print detailed information about
+ unified kernel images, see the description of inspect verb below.
@@ -719,6 +727,27 @@
This creates an unsigned UKI ./vmlinuz.unsigned.efi.
+
+ Direct kernel boot in a virtual machine
+
+ When using qemu with
+ OVMF
+ (UEFI Firmware for virtual machines) the switch can be used directly with a
+ UKI. Example:
+
+
+ qemu-kvm
+ -drive if=pflash,format=qcow2,readonly=on,file=/usr/share/edk2/ovmf/OVMF_CODE_4M.qcow2
+ -kernel ./vmlinuz.unsigned.efi
+ [ ... ]
+
+
+
+ (The path to the firmware file might need to be adjusted depending on the distribution.) Usually,
+ another argument would to be used to attach an actual disk image, but this
+ is not required.
+
+
All the bells and whistles