diff --git a/Changelog.md b/Changelog.md
index 741ab07d..480a389c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -6,6 +6,7 @@ OpenCore Changelog
 - Added Arrow Lake CPU detection
 - Fixed Raptor Lake CPU detection
 - Supported booting with TuneD in Fedora 41 in OpenLinuxBoot
+- Fixed failure of vault `sign.command` to insert signature in correct location in some circumstances
 #### v1.0.2
 - Fixed error in macrecovery when running headless, thx @mkorje
diff --git a/Docs/Configuration.md5 b/Docs/Configuration.md5
index 4cf502e2..57e39321 100644
--- a/Docs/Configuration.md5
+++ b/Docs/Configuration.md5
@@ -1 +1 @@
-803349296249f30c802a43fbe92926c6
+fa42399c09fbdc260b41745484b4a752
diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index ddf77ab9..49e0d006 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 707439e0..b74e45a6 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -4724,7 +4724,7 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam
 \href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/CreateVault}{RsaTool}.
- The complete set of commands to:
+ The steps to binary patch \texttt{OpenCore.efi} are:
 \begin{itemize}
 \tightlist
@@ -4734,14 +4734,9 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam
 \item Create \texttt{vault.sig}.
 \end{itemize}
- Can look as follows:
+ A script to do this is privided in OpenCore releases:
 \begin{lstlisting}[label=createvault, style=ocbash]
-cd /Volumes/EFI/EFI/OC
-/path/to/create_vault.sh .
-/path/to/RsaTool -sign vault.plist vault.sig vault.pub
-off=$(($(strings -a -t d OpenCore.efi | grep "=BEGIN OC VAULT=" | cut -f1 -d' ')+16))
-dd of=OpenCore.efi if=vault.pub bs=1 seek=$off count=528 conv=notrunc
-rm vault.pub
+/Utilities/CreateVault/sign.command /Volumes/EFI/EFI/OC
 \end{lstlisting}
 \emph{Note 1}: While it may appear obvious, an external
diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
index 64bff6d3..3e5b6f71 100644
Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
index ba53c0e5..01c5fba9 100644
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
@@ -1,7 +1,7 @@
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
-%DIF DEL PreviousConfiguration.tex Sat Nov 9 05:47:31 2024
-%DIF ADD ../Configuration.tex Wed Nov 20 08:35:03 2024
+%DIF DEL PreviousConfiguration.tex Tue Nov 26 03:15:30 2024
+%DIF ADD ../Configuration.tex Tue Nov 26 03:15:30 2024
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -4785,7 +4785,7 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam
 \href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/CreateVault}{RsaTool}.
- The complete set of commands to:
+ The \DIFdelbegin \DIFdel{complete set of commands to }\DIFdelend \DIFaddbegin \DIFadd{steps to binary patch }\texttt{\DIFadd{OpenCore.efi}} \DIFadd{are}\DIFaddend :
 \begin{itemize}
 \tightlist
@@ -4795,15 +4795,18 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam
 \item Create \texttt{vault.sig}.
 \end{itemize}
- Can look as follows:
-\begin{lstlisting}[label=createvault, style=ocbash]
-cd /Volumes/EFI/EFI/OC
-/path/to/create_vault.sh .
-/path/to/RsaTool -sign vault.plist vault.sig vault.pub
-off=$(($(strings -a -t d OpenCore.efi | grep "=BEGIN OC VAULT=" | cut -f1 -d' ')+16))
-dd of=OpenCore.efi if=vault.pub bs=1 seek=$off count=528 conv=notrunc
-rm vault.pub
+ \DIFdelbegin \DIFdel{Can look as follows}\DIFdelend \DIFaddbegin \DIFadd{A script to do this is privided in OpenCore releases}\DIFaddend :
+\DIFmodbegin
+\begin{lstlisting}[label=createvault, style=ocbash,alsolanguage=DIFcode]
+%DIF < cd /Volumes/EFI/EFI/OC
+%DIF < /path/to/create_vault.sh .
+%DIF < /path/to/RsaTool -sign vault.plist vault.sig vault.pub
+%DIF < off=$(($(strings -a -t d OpenCore.efi | grep "=BEGIN OC VAULT=" | cut -f1 -d' ')+16))
+%DIF < dd of=OpenCore.efi if=vault.pub bs=1 seek=$off count=528 conv=notrunc
+%DIF < rm vault.pub
+%DIF > /Utilities/CreateVault/sign.command /Volumes/EFI/EFI/OC
 \end{lstlisting}
+\DIFmodend
 \emph{Note 1}: While it may appear obvious, an external
 method is required to verify \texttt{OpenCore.efi} and \texttt{BOOTx64.efi} for
diff --git a/Docs/Errata/Errata.pdf b/Docs/Errata/Errata.pdf
index d420d9e4..e73cd27d 100644
Binary files a/Docs/Errata/Errata.pdf and b/Docs/Errata/Errata.pdf differ
diff --git a/Library/OcMainLib/OpenCoreVault.c b/Library/OcMainLib/OpenCoreVault.c
index af5a54f3..064d5cc7 100644
--- a/Library/OcMainLib/OpenCoreVault.c
+++ b/Library/OcMainLib/OpenCoreVault.c
@@ -14,24 +14,21 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include
-#pragma pack(push, 1)
-
-typedef PACKED struct {
+typedef struct {
 OC_RSA_PUBLIC_KEY_HDR Hdr;
 UINT64 Data[(2 * (2048 / OC_CHAR_BIT)) / sizeof (UINT64)];
 } OC_RSA_PUBLIC_KEY_2048;
-typedef PACKED struct {
+typedef struct {
 CHAR8 StartMagic[16];
 OC_RSA_PUBLIC_KEY_2048 VaultKey;
 CHAR8 EndMagic[16];
 } OC_BUILTIN_VAULT_KEY;
-#pragma pack(pop)
-
+BASE_ALIGNAS (16)
 STATIC OC_BUILTIN_VAULT_KEY
- mOpenCoreVaultKey = {
+mOpenCoreVaultKey = {
 .StartMagic = { '=', 'B', 'E', 'G', 'I', 'N', ' ', 'O', 'C', ' ', 'V', 'A', 'U', 'L', 'T', '=' },
 .EndMagic = { '=', '=', 'E', 'N', 'D', ' ', 'O', 'C', ' ', 'V', 'A', 'U', 'L', 'T', '=', '=' }
 };
@@ -44,6 +41,15 @@ OcGetVaultKey (
 UINT32 Index;
 BOOLEAN AllZero;
+ STATIC_ASSERT (
+ sizeof (OC_RSA_PUBLIC_KEY_2048) == 528,
+ "sizeof(OC_RSA_PUBLIC_KEY_2048)"
+ );
+ STATIC_ASSERT (
+ sizeof (OC_BUILTIN_VAULT_KEY) == sizeof (OC_RSA_PUBLIC_KEY_2048) + 32,
+ "sizeof(OC_BUILTIN_VAULT_KEY)"
+ );
+
 //
 // TODO: Perhaps try to get the key from firmware too?
 //
diff --git a/Utilities/CreateVault/sign.command b/Utilities/CreateVault/sign.command
index ffbdec17..cbb2366b 100755
--- a/Utilities/CreateVault/sign.command
+++ b/Utilities/CreateVault/sign.command
@@ -61,7 +61,7 @@ echo "Signing ${OCBin}..."
 ./RsaTool -sign "${OCPath}/vault.plist" "${OCPath}/vault.sig" "${PubKey}" || abort "Failed to patch ${PubKey}"
 echo "Bin-patching ${OCBin}..."
-off=$(($(/usr/bin/strings -a -t d "${OCBin}" | /usr/bin/grep "=BEGIN OC VAULT=" | /usr/bin/awk '{print $1}') + 16))
+off=$((0x$(/usr/bin/hexdump -C "${OCBin}" | /usr/bin/grep "=BEGIN OC VAULT=" | /usr/bin/awk '{print $1}') + 16))
 if [ "${off}" -le 16 ]; then
 abort "${OCBin} is borked"
 fi
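Review bot: `BASE_ALIGNAS (16)` on mOpenCoreVaultKey carries no comment, and the reason for exactly 16 is only discoverable from Utilities/CreateVault/sign.command in the same commit, which now locates the key by grepping `hexdump -C` output for `=BEGIN OC VAULT=` and therefore only matches when the 16-byte StartMagic fills one complete 16-byte dump row, i.e. when the object starts 16-byte aligned. Anyone who later relaxes or drops the alignment would break vault signing without any build-time signal from this file. I would add, above `BASE_ALIGNAS (16)`: `// 16-byte alignment is required by Utilities/CreateVault/sign.command, which finds StartMagic as a single hexdump -C row; keep in sync.` Replacing `#pragma pack` / PACKED with natural layout is guarded by the STATIC_ASSERTs in the next hunk, but 528 there deserves a comment saying it is the byte count the signing tool overwrites (the old documented `dd ... count=528`) rather than an arbitrary number.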
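Review bot: The two STATIC_ASSERTs pin sizes but not the property sign.command actually relies on, namely that VaultKey begins exactly 16 bytes after the start of the object (the `+ 16` in the script's offset arithmetic) and is 528 contiguous bytes; the size equalities imply it only indirectly, and `+ 32` is an unexplained constant. I would make the dependency explicit with `STATIC_ASSERT (OFFSET_OF (OC_BUILTIN_VAULT_KEY, VaultKey) == 16, "OFFSET_OF(OC_BUILTIN_VAULT_KEY, VaultKey)");` and a comment such as `// Layout is patched in place by Utilities/CreateVault/sign.command: 16-byte StartMagic, 528-byte key, 16-byte EndMagic.` Since these are compile-time checks on the typedefs, placing them at file scope next to the struct definitions rather than inside OcGetVaultKey would keep them beside the layout they guard; OcGetVaultKey's body continues outside the hunk.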
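Review bot: The new `off=$((0x$(...) + 16))` changes the not-found behaviour that the `-le 16` guard below was written for: previously an empty substitution evaluated as `( + 16)`, `off` became 16 and the script aborted, whereas now the substitution leaves a bare `0x` with no digits, which bash rejects as an arithmetic error (I believe "value too great for base"), so `off` is never assigned, `[ "" -le 16 ]` is itself an error that evaluates false, and unless the script runs under set -e (outside the hunk) it carries on past the guard; more than one grep match produces the same failure via a newline inside the expansion. The `hexdump -C` match also silently assumes the 16-byte magic starts on a 16-byte row boundary, which is what `BASE_ALIGNAS (16)` in OpenCoreVault.c provides, and that coupling belongs in a comment here. I would capture and validate the offset before using it: `hexoff=$(/usr/bin/hexdump -C "${OCBin}" | /usr/bin/grep "=BEGIN OC VAULT=" | /usr/bin/awk '{print $1}')`, `case "${hexoff}" in ""|*[!0-9a-f]*) abort "${OCBin} is borked" ;; esac`, `off=$((0x${hexoff} + 16))`. abort and the dd that consumes `off` are defined outside the hunk.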