Hi Gerd,
On 6/4/2026 6:44 AM, Gerd Hoffmann wrote:
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> docs/system/linuxboot.rst | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/docs/system/linuxboot.rst b/docs/system/linuxboot.rst
> index f7573ab80aa2..72af18ce1b5e 100644
> --- a/docs/system/linuxboot.rst
> +++ b/docs/system/linuxboot.rst
> @@ -17,6 +17,15 @@ Use ``-kernel`` to provide the Linux kernel image and ``-append`` to
> give the kernel command line arguments. The ``-initrd`` option can be
> used to provide an INITRD image.
>
> +The ``-shim`` option specifies the shim.efi binary. This is needed
> +when using direct kernel boot with UEFI secure boot enabled. The
> +verification chain used by linux distros requires shim.efi. Typically
> +shim.efi is signed by micsosoft and verified by the firmware. The
> +linux kernel is signed by the distro and is verified by shim.efi. So
> +without shim.efi in the loop secure boot verification will not work.
> +Usually you can find shim.efi as ``EFI/BOOT/BOOT{X64,AA64}.EFI`` on
> +distro install media.
> +
> If you do not need graphical output, you can disable it and redirect the
> virtual serial port and the QEMU monitor to the console with the
> ``-nographic`` option. The typical command line is:
Are the double space before sentences expected, or just a broken formatting?
Also, s/micsosoft/microsoft.
Regards,
Pierrick