diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index db78292469e7374f0afb6295f82de99c81098dfd..b932e72a832f8cbf72b1bb346b7a373cf4e53d2e 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index b8a7e6f9ed5621d79025664101bde78bc1684155..6a41c98a6075123087c69ce78bb2df820143c602 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -2930,7 +2930,7 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | personalised Apple Secure Boot identifiers. If you want to use this setting, make sure to generate a random 64-bit number with a cryptographically secure random number generator. With this value set and \texttt{SecureBootModel} valid
- and not \texttt{Disabled} it is possible to ahieve
+ and not \texttt{Disabled} it is possible to achieve
 \href{https://support.apple.com/en-us/HT208330}{\texttt{Full Security}} of Apple Secure Boot.
diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
index e1a5818d9f378b7e65576869bc57f65ccee64e3c..ab7a9abcb1f591c230acbd0c4d8c8a200e7c608b 100644
Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
index 33df27b75ce4bc389473507a65fc3df8d1b14a9a..f3364ff1fbc6f800243245d79d9ec064308cf948 100644
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@ \documentclass[]{article} %DIF LATEXDIFF DIFFERENCE FILE %DIF DEL PreviousConfiguration.tex Sat Aug 8 20:55:30 2020
-%DIF ADD ../Configuration.tex Tue Aug 11 15:34:19 2020
+%DIF ADD ../Configuration.tex Tue Aug 11 20:28:27 2020
 \usepackage{lmodern} \usepackage{amssymb,amsmath}
@@ -2997,7 +2997,7 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | personalised Apple Secure Boot identifiers. If you want to use this setting, make sure to generate a random 64-bit number with a cryptographically secure random number generator. With this value set and }\texttt{\DIFadd{SecureBootModel}} \DIFadd{valid
- and not }\texttt{\DIFadd{Disabled}} \DIFadd{it is possible to ahieve
+ and not }\texttt{\DIFadd{Disabled}} \DIFadd{it is possible to achieve
 }\href{https://support.apple.com/en-us/HT208330}{\texttt{Full Security}} \DIFadd{of Apple Secure Boot. }
diff --git a/Docs/Errata/Errata.pdf b/Docs/Errata/Errata.pdf
index 01d60a64eb7bac2e2c8686d26cbfe401e24ed954..3f2dab6a08b4a00546ad95acae6a738afe526e10 100644
Binary files a/Docs/Errata/Errata.pdf and b/Docs/Errata/Errata.pdf differ
diff --git a/Library/OcAppleImg4Lib/OcAppleImg4Lib.c b/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
index 7f8d6fbd4fb5530cffbaa335daab0dbb9616a5d5..28b92e3528ca345578dce273e6ad4411fb17d514 100644
--- a/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
+++ b/Library/OcAppleImg4Lib/OcAppleImg4Lib.c
@@ -206,40 +206,57 @@ OcAppleImg4Verify (
 ObjType
 );
 if (DerResult != DR_Success) {
+ DEBUG ((
+ DEBUG_INFO,
+ "OCI4: Manifest (%u) for %08X parse fail with code %d\n",
+ ManifestSize,
+ ObjType,
+ DerResult
+ ));
 return EFI_SECURITY_VIOLATION;
 }
 CmpResult = -1;
+ DEBUG ((
+ DEBUG_INFO,
+ "OCI4: Verifying digest %u (%02X%02X%02X%02X) override %d %u (%02X%02X%02X%02X)\n",
+ ManInfo.imageDigestSize,
+ ManInfo.imageDigest[0],
+ ManInfo.imageDigest[1],
+ ManInfo.imageDigest[2],
+ ManInfo.imageDigest[3],
+ mHasDigestOverride,
+ SHA384_DIGEST_SIZE,
+ mOriginalDigest[0],
+ mOriginalDigest[1],
+ mOriginalDigest[2],
+ mOriginalDigest[3]
+ ));
+
 //
 // Provide a route to accept our modified kernel as long as we can trust it is really it.
 //
- if (mHasDigestOverride) {
+ if (mHasDigestOverride
+ && ManInfo.imageDigestSize == SHA384_DIGEST_SIZE
+ && CompareMem (mOriginalDigest, ManInfo.imageDigest, sizeof (mOriginalDigest)) == 0) {
+ Sha384 (Digest, ImageBuffer, ImageSize);
+ CmpResult = CompareMem (Digest, mOverrideDigest, sizeof (mOverrideDigest));
 DEBUG ((
 DEBUG_INFO,
- "OCI4: Trying override %u vs %u for %02X%02X%02X%02X\n",
- ManInfo.imageDigestSize,
- SHA384_DIGEST_SIZE,
- ManInfo.imageDigest[0],
- ManInfo.imageDigest[1],
- ManInfo.imageDigest[2],
- ManInfo.imageDigest[3]
+ "OCI4: Matching override %02X%02X%02X%02X with %02X%02X%02X%02X - %a\n",
+ mOverrideDigest[0],
+ mOverrideDigest[1],
+ mOverrideDigest[2],
+ mOverrideDigest[3],
+ Digest[0],
+ Digest[1],
+ Digest[2],
+ Digest[3],
+ CmpResult == 0 ?
"success" : "failure"
 ));
- if (ManInfo.imageDigestSize == SHA384_DIGEST_SIZE) {
- Sha384 (Digest, ImageBuffer, ImageSize);
- if (CompareMem (Digest, mOverrideDigest, sizeof (mOverrideDigest)) == 0
- && CompareMem (mOriginalDigest, ManInfo.imageDigest, sizeof (mOriginalDigest)) == 0) {
- DEBUG ((
- DEBUG_INFO,
- "OCI4: Digest matched %02X%02X%02X%02X, accepting and disabling\n",
- mOriginalDigest[0],
- mOriginalDigest[1],
- mOriginalDigest[2],
- mOriginalDigest[3]
- ));
- CmpResult = 0;
- mHasDigestOverride = FALSE;
- }
+ if (CmpResult == 0) {
+ mHasDigestOverride = FALSE;
 }
 }
diff --git a/Utilities/macrecovery/macrecovery.py b/Utilities/macrecovery/macrecovery.py
index bebe2e7d698dc6d7b28df782015eed767b07dbeb..729601da1cf155196acdbc81db6968ad7b27068a 100755
--- a/Utilities/macrecovery/macrecovery.py
+++ b/Utilities/macrecovery/macrecovery.py
@@ -183,6 +183,8 @@ def action_download(args):
 session = get_session()
 info = get_image_info(session, bid=args.board_id, mlb=args.mlb, diag=args.diagnostics, os_type=args.os_type)
+ if args.verbose:
+ print(info)
 print('Downloading ' + info[INFO_PRODUCT] + '...')
 dmgname = '' if args.basename == '' else args.basename + '.dmg'
 save_image(info[INFO_IMAGE_LINK], info[INFO_IMAGE_SESS], dmgname, args.outdir)
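Review bot: In OcAppleImg4Lib.c, the new unconditional `OCI4: Verifying digest` log in OcAppleImg4Verify reads `ManInfo.imageDigest[0]` to `[3]` before `ManInfo.imageDigestSize` has been compared with anything, so for a manifest whose digest is shorter than four bytes the line reports bytes that are not part of the digest. The removed code did the same read, but only while `mHasDigestOverride` was set; now every call that gets past the manifest parse goes through it. Printing the bytes only when `ManInfo.imageDigestSize >= 4`, and the size alone otherwise, would keep the log reliable when someone is triaging a rejected image. Separately, if `ManifestSize` and `ManInfo.imageDigestSize` are `UINTN`-sized (their declarations are outside the hunk), the `%u` arguments want a cast, e.g. `(UINT32) ManInfo.imageDigestSize,`. The function body starts and ends outside the hunk.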
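Review bot: In macrecovery.py, `print(info)` under `args.verbose` dumps the whole `info` object, and the following lines show that it carries `INFO_IMAGE_SESS`, a session value passed to `save_image` together with the image link. If that value acts as a download credential (how `save_image` uses it is outside the hunk, so this is inferred), verbose output pasted into an issue or kept in a CI log would disclose it. Consider leaving the session fields out of the dump, e.g. `print({k: v for k, v in info.items() if k != INFO_IMAGE_SESS})` assuming `info` is a dict, or masking their values. action_download starts above the hunk.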