diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index db14038bfbc..639a7231cb2 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -178,6 +178,7 @@
systemd-analyze
OPTIONS
srk
+ >FILE
systemd-analyze
@@ -939,12 +940,17 @@ NR NAME SHA256
- <command>systemd-analyze srk > <replaceable>FILE</replaceable></command>
+ <command>systemd-analyze srk <optional>><replaceable>FILE</replaceable></optional></command>
This command reads the Storage Root Key (SRK) from the TPM2 device, and writes it in marshalled
- TPM2B_PUBLIC format to stdout. Example:
+ TPM2B_PUBLIC format to stdout. The output is non-printable data, so it should be redirected to a file
+ or into a pipe.
- systemd-analyze srk > srk.tpm2b_public
+
+ Save the Storage Root Key to <filename>srk.tpm2b_public</filename>
+
+ systemd-analyze srk >srk.tpm2b_public
+
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 49b4c3b8cc1..ea906c7bfeb 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -240,7 +240,7 @@ static int help(int argc, char *argv[], void *userdata) {
" fdstore SERVICE... Show file descriptor store contents of service\n"
" image-policy POLICY... Analyze image policy string\n"
" pcrs [PCR...] Show TPM2 PCRs and their names\n"
- " srk > FILE Write TPM2 SRK to stdout\n"
+ " srk [>FILE] Write TPM2 SRK (to FILE)\n"
"\nOptions:\n"
" --recursive-errors=MODE Control which units are verified\n"
" --offline=BOOL Perform a security review on unit file(s)\n"