diff --git a/OvmfPkg/README b/OvmfPkg/README
index 213d8648d6..f2c2fc7996 100644
--- a/OvmfPkg/README
+++ b/OvmfPkg/README
@@ -179,6 +179,43 @@ longer.)
     VirtioNetDxe |                                        x
     Intel PROEFI |   x
 
+=== OVMF Flash Layout ===
+
+Like all current IA32/X64 system designs, OVMF's firmware
+device (rom/flash) appears in QEMU's physical address space
+just below 4GB (0x100000000).
+
+The layout of the firmware device in memory looks like:
+
++--------------------------------------- 4GB (0x100000000)
+| VTF0 (16-bit reset code) and OVMF SEC
+| (SECFV)
++--------------------------------------- varies based on flash size
+|
+| Compressed main firmware image
+| (FVMAIN_COMPACT)
+|
++--------------------------------------- base + 0x20000
+| Fault-tolerant write (FTW)
+| Spare blocks (64KB/0x10000)
++--------------------------------------- base + 0x10000
+| FTW Work block (4KB/0x1000)
++--------------------------------------- base + 0x0f000
+| Event log area (4KB/0x1000)
++--------------------------------------- base + 0x0e000
+| Non-volatile variable storage
+| area (56KB/0xe000)
++--------------------------------------- base address
+
+OVMF supports building a 1MB or a 2MB flash image. The base address for
+a 1MB image in QEMU physical memory is 0xfff00000. The base address for
+a 2MB image is 0xffe00000.
+
+The code in SECFV locates FVMAIN_COMPACT, and decompresses the
+main firmware (MAINFV) into RAM memory at address 0x800000. The
+remaining OVMF firmware then uses this decompressed firmware
+volume image.
+
 === UNIXGCC Debug ===
 
 If you build with the UNIXGCC toolchain, then debugging will be disabled