diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
index 184b10bc883fa..6e853336c224f 100644
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@@ -55,38 +55,37 @@
       <!-- Let's keep this in the canonical order we also measure the sections by, i.e. as in
            src/fundamental/uki.h's UnifiedSection enum -->
 
-      <listitem><para>The ELF Linux kernel images will be looked for in the <literal>.linux</literal> PE
-      section of the executed image.</para></listitem>
+      <listitem><para>A <literal>.linux</literal> section with the ELF Linux kernel image.</para></listitem>
 
-      <listitem><para>OS release information, i.e. the
-      <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file of
-      the OS the kernel belongs to, in the <literal>.osrel</literal> PE section.</para></listitem>
+      <listitem><para>An <literal>.osrel</literal> section with OS release information, i.e. the contents of
+      the <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
+      of the OS the kernel belongs to.</para></listitem>
 
-      <listitem><para>The kernel command line to pass to the invoked kernel will be looked for in the
-      <literal>.cmdline</literal> PE section.</para></listitem>
+      <listitem><para>A <literal>.cmdline</literal> section with the kernel command line to pass to the
+      invoked kernel.</para></listitem>
 
-      <listitem><para>The initrd will be loaded from the <literal>.initrd</literal> PE
-      section.</para></listitem>
+      <listitem><para>An <literal>.initrd</literal> section with the initrd.</para></listitem>
 
-      <listitem><para>A boot splash (in Windows <filename>.BMP</filename> format) to show on screen before
-      invoking the kernel will be looked for in the <literal>.splash</literal> PE section.</para></listitem>
+      <listitem><para>A <literal>.splash</literal> section with an image (in the Windows
+      <filename>.BMP</filename> format) to show on screen before invoking the kernel.</para></listitem>
 
-      <listitem><para>A compiled binary DeviceTree will be looked for in the <literal>.dtb</literal> PE
-      section.</para></listitem>
+      <listitem><para>A <literal>.dtb</literal> section with a compiled binary DeviceTree.</para></listitem>
 
-      <listitem><para>Kernel version information, i.e. the output of <command>uname -r</command> for the
-      kernel included in the UKI, in the <literal>.uname</literal> PE section.</para></listitem>
+      <listitem><para>A <literal>.uname</literal> section with the kernel version information, i.e. the
+      output of <command>uname -r</command> for the kernel included in the <literal>.linux</literal>
+      section.</para></listitem>
 
-      <listitem><para><ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">SBAT</ulink> revocation
-      metadata, in the <literal>.sbat</literal> PE section.</para></listitem>
+      <listitem><para>An <literal>.sbat</literal> section with
+      <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">SBAT</ulink> revocation
+      metadata.</para></listitem>
 
-      <listitem><para>A set of cryptographic signatures for expected TPM2 PCR values when this kernel is
-      booted, in JSON format, in the <literal>.pcrsig</literal> section. This is useful for implementing TPM2
-      policies that bind disk encryption and similar to kernels that are signed by a specific
-      key.</para></listitem>
+      <listitem><para>A <literal>.pcrsig</literal> section with a set of cryptographic signatures for the
+      expected TPM2 PCR values after the kernel has been booted, in JSON format. This is useful for
+      implementing TPM2 policies that bind disk encryption and similar to kernels that are signed by a
+      specific key.</para></listitem>
 
-      <listitem><para>A public key in PEM format matching this TPM2 PCR signature data in the
-      <literal>.pcrpkey</literal> section.</para></listitem>
+      <listitem><para>A <literal>.pcrpkey</literal> section with a public key in the PEM format matching the
+      signature data in the the <literal>.pcrsig</literal> section.</para></listitem>
     </itemizedlist>
 
     <para>If UEFI SecureBoot is enabled and the <literal>.cmdline</literal> section is present in the executed
@@ -100,15 +99,14 @@
     DeviceTree in the corresponding EFI configuration table. systemd-stub will ask the firmware via the
     <literal>EFI_DT_FIXUP_PROTOCOL</literal> for hardware specific fixups to the DeviceTree.</para>
 
-    <para>The contents of seven of these eight PE sections are measured into TPM PCR 11, that is otherwise
-    not used. Thus, it can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section
-    is not included in this PCR measurement, since it's supposed to contain signatures for the expected
-    results for these measurements, i.e. of the outputs of the measurement operation, and thus cannot also be
-    input to it.</para>
+    <para>The contents of eight of these nine sections are measured into TPM PCR 11. It is otherwise not used
+    and thus the result can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section
+    is not included in this PCR measurement, since it is supposed to contain signatures for the output of the
+    measurement operation, and thus cannot also be input to it.</para>
 
-    <para>When <literal>.pcrsig</literal> and/or <literal>.pcrpkey</literal> are present in a unified kernel
-    image their contents are passed to the booted kernel in an synthetic initrd cpio archive that places them in the
-    <filename>/.extra/tpm2-pcr-signature.json</filename> and
+    <para>When <literal>.pcrsig</literal> and/or <literal>.pcrpkey</literal> sections are present in a
+    unified kernel image their contents are passed to the booted kernel in an synthetic initrd cpio archive
+    that places them in the <filename>/.extra/tpm2-pcr-signature.json</filename> and
     <filename>/.extra/tpm2-pcr-public-key.pem</filename> files. Typically, a
     <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> line then
     ensures they are copied into <filename>/run/systemd/tpm2-pcr-signature.json</filename> and
@@ -395,7 +393,8 @@
       <varlistentry>
         <term><filename>/</filename></term>
 
-        <listitem><para>The main initrd from the <literal>.initrd</literal> PE section of the unified kernel image.</para>
+        <listitem><para>The main initrd from the <literal>.initrd</literal> PE section of the unified kernel
+        image.</para>
 
         <xi:include href="version-info.xml" xpointer="v252"/></listitem>
       </varlistentry>
@@ -412,8 +411,8 @@
 
       <varlistentry>
         <term><filename>/.extra/global_credentials/*.cred</filename></term>
-        <listitem><para>Similar, credential files in the <filename>/loader/credentials/</filename> directory
-        in the file system the unified kernel image is placed in are copied into the
+        <listitem><para>Similarly, credential files in the <filename>/loader/credentials/</filename>
+        directory in the file system the unified kernel image is placed in are copied into the
         <filename>/.extra/global_credentials/</filename> directory in the initrd execution
         environment.</para>
 
@@ -433,8 +432,7 @@
         <term><filename>/.extra/tpm2-pcr-signature.json</filename></term>
         <listitem><para>The TPM2 PCR signature JSON object included in the <literal>.pcrsig</literal> PE
         section of the unified kernel image is copied into the
-        <filename>/.extra/tpm2-pcr-signature.json</filename> file in the initrd execution
-        environment.</para>
+        <filename>/.extra/tpm2-pcr-signature.json</filename> file in the initrd execution environment.</para>
 
         <xi:include href="version-info.xml" xpointer="v252"/></listitem>
       </varlistentry>
diff --git a/man/systemd-vconsole-setup.service.xml b/man/systemd-vconsole-setup.service.xml
index 614a4d48d268d..90931126db84c 100644
--- a/man/systemd-vconsole-setup.service.xml
+++ b/man/systemd-vconsole-setup.service.xml
@@ -33,7 +33,7 @@
   <refsect1>
     <title>Description</title>
 
-    <para><filename>systemd-vconsole-setup</filename> sets up and configures either all virtual consoles, or
+    <para><command>systemd-vconsole-setup</command> sets up and configures either all virtual consoles, or
     — if the optional <replaceable>TTY</replaceable> parameter is provided — a specific one. When the system
     is booting up, <filename>systemd-vconsole-setup.service</filename> is called by
     <citerefentry><refentrytitle>systemd-udevd</refentrytitle><manvolnum>8</manvolnum></citerefentry> during
diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in
index 3475d456bc918..c6c5bc9130a3f 100644
--- a/units/systemd-vconsole-setup.service.in
+++ b/units/systemd-vconsole-setup.service.in
@@ -17,6 +17,12 @@ DefaultDependencies=no
 Before=sysinit.target
 Before=initrd-switch-root.target shutdown.target
 
+# This unit will be restarted by udev whenever a new vtcon device appears or is
+# triggered. Usually that happens just a handful of times during boot, but some
+# systems may have hundreds or thousands of serial consoles connected, so let's
+# just disable the limit altogether.
+StartLimitIntervalSec=0
+
 [Service]
 Type=oneshot
 # This service will be restarted by udev whenever a new vtcon device appears.