diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 5f4d0fb4ea1..ebe203903c3 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -1620,22 +1620,20 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
   \texttt{FixupAppleEfiImages}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
   \textbf{Failsafe}: \texttt{false}\\
-  \textbf{Description}: Fix errors in early Mac OS X boot.efi images.
+  \textbf{Description}: Fix permissions and section errors in macOS \texttt{boot.efi} images.
 
-  Modern secure PE loaders will refuse to load \texttt{boot.efi} images from
-  Mac OS X 10.4 to macOS 10.12 due to these files containing \texttt{W\^{}X} errors
-  (in all versions) and illegal overlapping sections (in 10.4 and 10.5 32-bit
-  versions only).
+  Mac OS X \texttt{boot.efi} images contain \texttt{W\^{}X} permissions errors
+  (in all versions) and in very old versions additionally contain illegal overlapping sections
+  (affects 10.4 and 10.5 32-bit versions only). Modern secure PE loaders (including the OpenCore
+  loader in current releases of OpenDuet) will refuse to these images
+  unless additional mitigations are applied.
 
-  This quirk detects these issues and pre-processes such images in memory,
+  This quirk detects these issues and pre-processes such images in memory
   so that a modern loader will accept them.
 
-  Pre-processing in memory is incompatible with secure boot, as the image loaded
-  is not the image on disk, so you cannot sign files which are loaded in this way
-  based on their original disk image contents.
-  Certain firmware will offer to register the hash of new, unknown images - this would
-  still work. On the other hand, it is not particularly realistic to want to
-  start these early, insecure images with secure boot anyway.
+  If on a system with such a secure loader, this quirk is required to load
+  Mac OS X 10.4 to macOS 10.12, and is required for all newer
+  macOS when \texttt{SecureBootModel} is set to \texttt{Disabled}.
 
   \emph{Note 1}: The quirk is never applied during the Apple secure boot path for
   newer macOS. The Apple secure boot path includes its own separate mitigations
@@ -1652,11 +1650,13 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
       within their filesystem.
     \end{itemize}
 
-  \emph{Note 3}: This quirk is needed for Mac OS X 10.4 to macOS 10.12 (and
-  higher, if Apple secure boot is not enabled), but only when the firmware
-  itself includes a modern, more secure PE COFF image loader. This applies to
-  current builds of OpenDuet, and to OVMF if built from audk source code.
-
+  \emph{Note 3}: Pre-processing in memory is incompatible with secure boot, as the image loaded
+  is not the image on disk, so you cannot sign files which are loaded in this way
+  based on their original disk image contents.
+  Certain firmware will offer to register the hash of new, unknown images - this would
+  still work. On the other hand, it is not particularly realistic to want to
+  start these early, insecure images with secure boot anyway.
+  
 \item
   \texttt{ForceBooterSignature}\\
   \textbf{Type}: \texttt{plist\ boolean}\\