diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index 0015ee25..05eb9d25 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index f3d9df88..bcf5019a 100755
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -1323,7 +1323,7 @@ To view their current state use \texttt{pmset -g} command in Terminal. This is a security option allowing one to restrict single user mode usage by ignoring \texttt{CMD+S} hotkey and \texttt{-s} boot argument. The behaviour with this quirk enabled is supposed to match T2-based model
- behaviour. Read \href{https://support.apple.com/HT201573}{this article}
+ behaviour. Read \href{https://web.archive.org/web/20200517125051/https://support.apple.com/en-us/HT201573}{this archived article} to understand how to use single user mode with this quirk enabled. \item
@@ -3331,6 +3331,21 @@ diskutil mount -mountpoint /var/tmp/OSPersonalizationTemp $disk when Apple Secure Boot is activated. \end{itemize}
+\item
+ \texttt{EnablePassword}\\
+ \textbf{Type}: \texttt{plist\ boolean}\\
+ \textbf{Failsafe}: \texttt{false}\\
+ \textbf{Description}: Enable password protection to allow sensitive operations.
+
+ Password protection ensures that sensitive operations like booting a non-default
+ operating system (e.g. macOS recovery or a tool), resetting NVRAM storage,
+ trying to boot into a non-default mode (e.g. verbose mode or safe mode) are not
+ allowed without explicit user authentication by a custom password. Currently
+ password and salt are hashed with 5000000 iterations of SHA-512.
+
+ \emph{Note}: This functionality is currently in development and is not ready for
+ daily usage.
+
 \item \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\
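Review bot: The EnablePassword description states that the password and salt are hashed with 5000000 iterations of SHA-512 but not how the two are combined or chained, so a user cannot produce a matching PasswordHash outside the bootloader; the paragraph should either spell out the exact construction or name the tool that generates the hash and salt pair. Because the hash and salt are read from the same config.plist that EnablePassword lives in, the protection presumably only holds when the configuration file itself cannot be edited, which is worth stating next to the existing note: `\emph{Note}: As the hash and salt are stored in \texttt{config.plist}, password protection is only meaningful together with \hyperref[securevaulting]{\texttt{Vault}} or an equivalent guarantee that the configuration cannot be modified.` Iterated SHA-512 is also not memory-hard, so a one-line caveat that password strength still matters against offline guessing would help. The enclosing itemize list starts before and continues past this hunk.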
@@ -3377,6 +3392,18 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam halt (stop execution) after obtaining a message of \texttt{HaltLevel}. Possible values match \texttt{DisplayLevel} values.
+\item
+ \texttt{PasswordHash}\\
+ \textbf{Type}: \texttt{plist\ data} 64 bytes\\
+ \textbf{Failsafe}: all zero\\
+ \textbf{Description}: Password hash used when \texttt{EnabledPassword} is set.
+
+\item
+ \texttt{PasswordSalt}\\
+ \textbf{Type}: \texttt{plist\ data}\\
+ \textbf{Failsafe}: empty\\
+ \textbf{Description}: Password salt used when \texttt{EnabledPassword} is set.
+
 \item \label{securevaulting} \texttt{Vault}\\ \textbf{Type}: \texttt{plist\ string}\\
@@ -3597,6 +3624,15 @@ rm vault.pub and \texttt{Default} value together. \end{enumerate}
+ Sometimes the already installed operating system may have outdated Apple Secure
+ Boot manifests on the \texttt{Preboot} partition causing boot failure. If you
+ see the ``OCB: Apple Secure Boot prohibits this boot entry, enforcing!'' message,
+ it is likely the case. When this happens you can either reinstall the operating
+ system or copy the manifests (files with \texttt{.im4m} extension, like
+ \texttt{boot.efi.j137.im4m}) from \texttt{/usr/standalone/i386} to
+ \texttt{/Volumes/Preboot//System/Library/CoreServices}. Here \texttt{}
+ is your system volume identifier.
+
 For more details on how to configure Apple Secure Boot with UEFI Secure Boot refer to \hyperref[uefisecureboot]{UEFI Secure Boot} section.
diff --git a/Docs/Differences/Differences.pdf b/Docs/Differences/Differences.pdf
index 8905f0f9..bbbcbf0e 100644
Binary files a/Docs/Differences/Differences.pdf and b/Docs/Differences/Differences.pdf differ
diff --git a/Docs/Differences/Differences.tex b/Docs/Differences/Differences.tex
index 68f9f7e6..935d2d36 100644
--- a/Docs/Differences/Differences.tex
+++ b/Docs/Differences/Differences.tex
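Review bot: Both new descriptions refer to `\texttt{EnabledPassword}`, but the option introduced in the previous hunk is named `EnablePassword`, so a reader searching for the key will not find it; the two lines should read `\textbf{Description}: Password hash used when \texttt{EnablePassword} is set.` and `\textbf{Description}: Password salt used when \texttt{EnablePassword} is set.` PasswordSalt carries no expected length and a failsafe of empty, whereas PasswordHash is pinned to 64 bytes; since the salt is the only thing that prevents precomputing the 5000000-iteration digest, the entry should state how long a salt the hashing expects and that it must be generated randomly rather than chosen. It would also help to say what the loader does when EnablePassword is true but PasswordHash is still the all-zero failsafe, which the text leaves open. The enclosing itemize list continues past this hunk.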
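Review bot: The recovery steps tell the reader to copy `.im4m` manifests from `/usr/standalone/i386` into the Preboot directory but not from which installation; the manifests presumably vouch for a specific `boot.efi`, so the paragraph should say the files must come from the system volume of the very macOS install that fails to boot, e.g. `\texttt{/Volumes/<system volume>/usr/standalone/i386}`, and not from another machine or macOS version. The volume identifier placeholder also renders empty here (`\texttt{}` and the doubled slash in `/Volumes/Preboot//System/...`), which looks like an angle-bracket token that was lost; the source should carry an explicit placeholder such as `\texttt{\textless UUID\textgreater}` so the path is readable. This paragraph sits inside the Vault and Secure Boot discussion that starts before the hunk.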
@@ -1,7 +1,7 @@ \documentclass[]{article} %DIF LATEXDIFF DIFFERENCE FILE %DIF DEL PreviousConfiguration.tex Sat Aug 8 20:55:30 2020 -%DIF ADD ../Configuration.tex Mon Aug 31 16:42:45 2020 +%DIF ADD ../Configuration.tex Tue Sep 1 07:50:20 2020 \usepackage{lmodern} \usepackage{amssymb,amsmath} @@ -1413,8 +1413,10 @@ To view their current state use \texttt{pmset -g} command in Terminal. This is a security option allowing one to restrict single user mode usage by ignoring \texttt{CMD+S} hotkey and \texttt{-s} boot argument. The behaviour with this quirk enabled is supposed to match T2-based model - behaviour. Read \href{https://support.apple.com/HT201573}{this article} - to understand how to use single user mode with this quirk enabled. + behaviour. Read \DIFdelbegin %DIFDELCMD < \href{https://support.apple.com/HT201573}{this article} +%DIFDELCMD < %%% +\DIFdelend \DIFaddbegin \href{https://web.archive.org/web/20200517125051/https://support.apple.com/en-us/HT201573}{this archived article} + \DIFaddend to understand how to use single user mode with this quirk enabled. \item \texttt{DisableVariableWrite}\\ 
@@ -3464,6 +3466,24 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | when Apple Secure Boot is activated. }\end{itemize} +\item + \texttt{\DIFadd{EnablePassword}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Enable password protection to allow sensitive operations. +} + + \DIFadd{Password protection ensures that sensitive operations like booting a non-default + operating system (e.g. macOS recovery or a tool), resetting NVRAM storage, + trying to boot into a non-default mode (e.g. verbose mode or safe mode) are not + allowed without explicit user authentication by a custom password. Currently + password and salt are hashed with 5000000 iterations of SHA-512. +} + + \emph{\DIFadd{Note}}\DIFadd{: This functionality is currently in development and is not ready for + daily usage. +} + \item \DIFaddend \texttt{ExposeSensitiveData}\\ \textbf{Type}: \texttt{plist\ integer}\\ 
@@ -3512,7 +3532,21 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:oem-board # SMBIOS Type2 ProductNam halt (stop execution) after obtaining a message of \texttt{HaltLevel}. Possible values match \texttt{DisplayLevel} values. -\item \DIFaddbegin \label{securevaulting} +\item + \DIFaddbegin \texttt{\DIFadd{PasswordHash}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ data}} \DIFadd{64 bytes}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: all zero}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Password hash used when }\texttt{\DIFadd{EnabledPassword}} \DIFadd{is set. +} + +\item + \texttt{\DIFadd{PasswordSalt}}\\ + \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ data}}\\ + \textbf{\DIFadd{Failsafe}}\DIFadd{: empty}\\ + \textbf{\DIFadd{Description}}\DIFadd{: Password salt used when }\texttt{\DIFadd{EnabledPassword}} \DIFadd{is set. +} + +\item \label{securevaulting} \DIFaddend \texttt{Vault}\\ \textbf{Type}: \texttt{plist\ string}\\ \textbf{Failsafe}: \texttt{Secure}\\ 
@@ -3736,7 +3770,17 @@ rm vault.pub \DIFadd{and }\texttt{\DIFadd{Default}} \DIFadd{value together. }\DIFaddend \end{enumerate} - \DIFaddbegin \DIFadd{For more details on how to configure Apple Secure Boot with UEFI Secure Boot + \DIFaddbegin \DIFadd{Sometimes the already installed operating system may have outdated Apple Secure + Boot manifests on the }\texttt{\DIFadd{Preboot}} \DIFadd{partition causing boot failure. If you + see the ``OCB: Apple Secure Boot prohibits this boot entry, enforcing!'' message, + it is likely the case. When this happens you can either reinstall the operating + system or copy the manifests (files with }\texttt{\DIFadd{.im4m}} \DIFadd{extension, like + }\texttt{\DIFadd{boot.efi.j137.im4m}}\DIFadd{) from }\texttt{\DIFadd{/usr/standalone/i386}} \DIFadd{to + }\texttt{\DIFadd{/Volumes/Preboot//System/Library/CoreServices}}\DIFadd{. Here }\texttt{\DIFadd{}} + \DIFadd{is your system volume identifier. +} + + \DIFadd{For more details on how to configure Apple Secure Boot with UEFI Secure Boot refer to }\hyperref[uefisecureboot]{UEFI Secure Boot} \DIFadd{section. } diff --git a/Docs/Errata/Errata.pdf b/Docs/Errata/Errata.pdf index d46861b6..9947dee5 100644 Binary files a/Docs/Errata/Errata.pdf and b/Docs/Errata/Errata.pdf differ diff --git a/Docs/Sample.plist b/Docs/Sample.plist index 653ca071..eaaecd2e 100644 --- a/Docs/Sample.plist +++ b/Docs/Sample.plist @@ -772,10 +772,16 @@ Bootstrap DmgLoading Signed + EnablePassword + ExposeSensitiveData 6 HaltLevel 2147483648 + PasswordHash + + PasswordSalt + ScanPolicy 17760515 SecureBootModel diff --git a/Docs/SampleCustom.plist b/Docs/SampleCustom.plist index 249c5421..dce80525 100644 --- a/Docs/SampleCustom.plist +++ b/Docs/SampleCustom.plist @@ -772,10 +772,16 @@ Bootstrap DmgLoading Signed + EnablePassword + ExposeSensitiveData 6 HaltLevel 2147483648 + PasswordHash + + PasswordSalt + ScanPolicy 17760515 SecureBootModel