From b8ba4bae7c254440cad4a4c22a686146c8cbd80a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Ouellet <jpo@vt.edu>
Date: Tue, 24 Jul 2018 08:11:45 -0400
Subject: [PATCH 1/2] Split sentences

---
 about/faq.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/about/faq.md b/about/faq.md
index 2b01b283..3384beb0 100644
--- a/about/faq.md
+++ b/about/faq.md
@@ -559,4 +559,7 @@ For more details about how we improved on Xen's native stub domain use, see [her
 
 ### Is Secure Boot supported?
 
-Secure Boot is not supported out of the box as UEFI support in Xen is very basic. Arguably secure boot reliance on UEFI integrity is not the best design. The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested. Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS.
+Secure Boot is not supported out of the box as UEFI support in Xen is very basic.
+Arguably secure boot reliance on UEFI integrity is not the best design.
+The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested.
+Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS.

From 36abc1c2926eba5510568122ad13e8301d6d35c8 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Ouellet <jpo@vt.edu>
Date: Tue, 24 Jul 2018 08:13:09 -0400
Subject: [PATCH 2/2] Mention Heads in secure boot FAQ entry

---
 about/faq.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/about/faq.md b/about/faq.md
index 3384beb0..0d8b2589 100644
--- a/about/faq.md
+++ b/about/faq.md
@@ -559,7 +559,8 @@ For more details about how we improved on Xen's native stub domain use, see [her
 
 ### Is Secure Boot supported?
 
-Secure Boot is not supported out of the box as UEFI support in Xen is very basic.
+UEFI Secure Boot is not supported out of the box as UEFI support in Xen is very basic.
 Arguably secure boot reliance on UEFI integrity is not the best design.
 The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested.
 Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS.
+See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/) for a better-designed non-UEFI-based secure boot scheme with very good support for Qubes.