From 8e6e5c155316ab72e57408498e771eee95eb3f76 Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Mon, 6 May 2024 18:38:11 +0200 Subject: [PATCH 1/3] Add container unikernel instructions --- nethsm/integration.rst | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nethsm/integration.rst b/nethsm/integration.rst index 3fffbf2ee9..f063c7d6b5 100644 --- a/nethsm/integration.rst +++ b/nethsm/integration.rst @@ -31,7 +31,20 @@ The container can be executed as follows. $ podman run --rm -ti -p8443:8443 docker.io/nitrokey/nethsm:testing -This will provide the REST API on the port `8443` via the HTTPS protocol. +This will run NetHSM as a Unix process inside the container and expose the REST API on the port `8443` via the HTTPS protocol. + +Additionaly to running the NetHSM as a Unix process it can be run as a unikernel supported by KVM. + +The container can be executed as follows. + +.. tabs:: + .. tab:: Docker + .. code-block:: bash + + $ docker run -ti --rm -p 8443:8443 --device /dev/net/tun --device /dev/kvm --cap-add=NET_ADMIN nitrokey/nethsm:testing + +This will run NetHSM as a unikernel inside a KVM virtual machine. +The container will expose the REST API, via the HTTPS protocol, on the interface `tap200` with the IP address `192.168.1.100` and port `8443`. .. important:: The container uses a self-signed TLS certificate. From 52097ebf0646ec31e45540d6bd4c60b26a5cd75f Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Mon, 6 May 2024 18:56:01 +0200 Subject: [PATCH 2/3] Move chapter REST-API to the top of the document --- nethsm/integration.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nethsm/integration.rst b/nethsm/integration.rst index f063c7d6b5..fdc412e98f 100644 --- a/nethsm/integration.rst +++ b/nethsm/integration.rst 
@@ -3,6 +3,12 @@ Integration The chapter describes processes for various tasks and aims at all user groups. +REST-API +~~~~~~~~ + +NetHSM's API specification is available in `OpenAPI format `_, +and can be inspected and tested in the `API browser `_. + PKCS#11 ------- @@ -90,9 +96,3 @@ This folder also contains the necessary documentation how to use it. The mode of SELinux can be requested with ``sestatus |grep "Current mode"``. If the mode is set to ``enforcing``, a change to the context is required. In this case the volume mount must be postfixed with ``:z``, resulting in ``-v "${PWD}/out:/out:z"``. - -REST-API -~~~~~~~~ - -NetHSM's API specification is available in `OpenAPI format `_, -and can be inspected and tested in the `API browser `_. From 6017219ceb0a8e33c829f5e0cb1b9f77776d2285 Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Tue, 7 May 2024 13:58:38 +0200 Subject: [PATCH 3/3] Change wording in REST-API chapter --- nethsm/integration.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nethsm/integration.rst b/nethsm/integration.rst index fdc412e98f..c4d8ddc45d 100644 --- a/nethsm/integration.rst +++ b/nethsm/integration.rst @@ -6,7 +6,8 @@ The chapter describes processes for various tasks and aims at all user groups. REST-API ~~~~~~~~ -NetHSM's API specification is available in `OpenAPI format `_, +NetHSM's primary interface is a modern REST-API that guarantees best performance and functionality. +The API specification is available in `OpenAPI format `_, and can be inspected and tested in the `API browser `_. PKCS#11
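Review bot: In [PATCH 1/3], hunk `@@ -31,7 +31,20 @@`, the added `docker run` line grants `--device /dev/net/tun --device /dev/kvm --cap-add=NET_ADMIN` without explaining why each is required. Please add a sentence stating what the unikernel mode needs them for (KVM access, TAP interface setup), so readers can judge the extra host exposure compared with the Unix-process mode. The same command publishes `-p 8443:8443`, while the following text says the API is exposed on `tap200` at `192.168.1.100`. Please state which address the reader should connect to from the host. Smaller points: "Additionaly" should be "Additionally", the sentence "The container can be executed as follows." now appears twice in a row, and the image is written `nitrokey/nethsm:testing` here but `docker.io/nitrokey/nethsm:testing` in the existing Podman example. Since only a Docker tab is added, either add a Podman tab or say that this mode is documented for Docker only.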
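Review bot: In [PATCH 2/3], hunk `@@ -3,6 +3,12 @@`, the moved `REST-API` heading keeps its `~~~~~~~~` underline but now comes before `PKCS#11`, which is underlined with `-------`. reStructuredText assigns section levels in the order adornment styles are first encountered, so `~` now ranks above `-`, and `PKCS#11` would be nested under `REST-API` instead of sitting beside it. If the chapter is meant to be a sibling of `PKCS#11`, change the underline to `--------` in the added lines and check the rendered table of contents. The commit message calls this a "chapter", which suggests the sibling level is what is intended.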
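Review bot: In [PATCH 3/3], hunk `@@ -6,7 +6,8 @@`, the added sentence "guarantees best performance and functionality" is a claim the documentation cannot back up and gives the reader nothing to act on. Consider saying concretely what the REST API offers that the other interfaces in this chapter do not, for example that it is the primary interface and the others are built on top of it, if that is the case. The spelling also differs within the series: this hunk uses "REST-API" in running text, while [PATCH 1/3] writes "expose the REST API". Pick one form and use it throughout.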