diff --git a/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch
index 7a8dabf..839d6be 100644
--- a/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch
+++ b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch
@@ -4,13 +4,12 @@ Date: Mon, 10 Aug 2020 10:38:20 +0300
 Subject: [PATCH] ROSA: ima: allow to off modules signature check dynamically
 
 Allow module.sig_enforce=0 kernel cmdline, not only module.sig_enforce=1
-It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed.
+It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed
+without recompiling the kernel (it may be impossible, e.g. in certified systems).
 
 GRUB or another bootloader is password-protected when needed,
 so I am not afraid much that someone will be able to turn it off when not needed.
 
-in production systems.
-
 ROSA-specific patch.
 
 Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>