diff --git a/user-doc/user-doc.tex b/user-doc/user-doc.tex
index 8273428..4a6e224 100644
--- a/user-doc/user-doc.tex
+++ b/user-doc/user-doc.tex
@@ -126,10 +126,26 @@ After the configuration options have been set up, rebuild the u-boot binary agai
 
 \subsection{Linux kernel}
 
-{\tt CONFIG\_KEXEC}
+Make sure that the following options are enabled:
+
+\begin{itemize}[noitemsep]
+\item {\tt CONFIG\_BLK\_DEV\_INITRD}
+\item {\tt CONFIG\_RD\_GZIP}
+\item {\tt CONFIG\_RD\_BZIP2}
+\item {\tt CONFIG\_RD\_LZMA}
+\item {\tt CONFIG\_RD\_XZ}
+\item {\tt CONFIG\_RD\_LZO}
+\item {\tt CONFIG\_RD\_LZ4}
+\item {\tt CONFIG\_KEXEC}
+\end{itemize}
+
+As the ROTS image will be read-only once it has been flashed to the SPI NOR flash, it is encouraged to build a minimal kernel images to reduce the amount of possible bugs and vulnerabilities.
+More specifically, it is recommended to build a kernel without any support for networking, graphics and audio.
 
 \subsection{initramfs}
 
+For the initramfs, we will need static binaries of \emph{busybox}, \emph{kexec-tools}, \emph{cpio} and \emph{gzip}.
+
 \section{Flashing ROTS}
 
 \subsection{Using an External Programmer}