diff --git a/src/modules/initcpio/InitcpioJob.cpp b/src/modules/initcpio/InitcpioJob.cpp
index 2f611173b..df995ccbf 100644
--- a/src/modules/initcpio/InitcpioJob.cpp
+++ b/src/modules/initcpio/InitcpioJob.cpp
@@ -32,7 +32,7 @@ InitcpioJob::prettyName() const
 return tr( "Creating initramfs with mkinitcpio." );
 }
 
-/** @brief Sets conservative permissions on each initramfs
+/** @brief Sets secure permissions on each initramfs
 *
 * Iterates over each initramfs contained directly in the directory @p d.
 * For each initramfs found, the permissions are set to owner read/write only.
diff --git a/src/modules/initcpio/initcpio.conf b/src/modules/initcpio/initcpio.conf
index f227d7034..d2a126864 100644
--- a/src/modules/initcpio/initcpio.conf
+++ b/src/modules/initcpio/initcpio.conf
@@ -5,16 +5,22 @@
 ---
 # This key defines the kernel to be loaded.
 # It can have the following values:
-# - the name of a single preset
-# - empty or unset, interpreted as "all"
+# - the name of a single mkinitcpio preset
+# - empty or unset
 # - the literal string "all"
 #
-# If kernel is "all" or empty/unset then mkinitpio is called for all kernels. Otherwise
-# it is called with a single prefix with the value contained in kernel
+# If kernel is set to "all" or empty/unset then mkinitpio is called for all
+# kernels. Otherwise it is called with a single preset with the value
+# contained in kernel.
 #
 kernel: linux
 
 # Set this to true to turn off mitigations for lax file
 # permissions on initramfs (which, in turn, can compromise
 # your LUKS encryption keys, CVS-2019-13179).
+#
+# If your initramfs are stored in the EFI partition or another non-POSIX
+# filesystem, this has no effect as the file permissions cannot be changed.
+# In this case, ensure the partition is mounted securely.
+#
 be_unsafe: false
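Review bot: The caveat added above `be_unsafe` ends with `# In this case, ensure the partition is mounted securely.`, which does not tell an administrator what to do on a filesystem where the permission change is a no-op. Since the exposure is an initramfs readable by unprivileged users, the comment should name the control that still applies, for example `# In this case, restrict access at mount time (e.g. umask or fmask/dmask on vfat) so that only root can read the partition.` The added line `# If kernel is set to "all" or empty/unset then mkinitpio is called for all` also carries over the misspelling `mkinitpio` (should be `mkinitcpio`). The unchanged context line cites `CVS-2019-13179`, presumably meant as a CVE identifier, and is worth correcting while this comment block is being edited. Whether the job itself warns when the permission change has no effect is not visible in this diff.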