diff --git a/articles/arch-uki-secure-boot/arch-uki-secure-boot.asciidoc b/articles/arch-uki-secure-boot/arch-uki-secure-boot.asciidoc
index fc5d116..82f45b0 100644
--- a/articles/arch-uki-secure-boot/arch-uki-secure-boot.asciidoc
+++ b/articles/arch-uki-secure-boot/arch-uki-secure-boot.asciidoc
@@ -113,7 +113,7 @@ If you have static UEFI binaries, like the UEFI Shell or a third party bootloade
 sbctl sign -s /boot/efi/EFI/…
 ....
 
-The `+-s+` flag tells `+sbctl+` to remember this path. In the future, if you modify any of those files, you can just issue `+sbctl sign -TODO+` to check and resign every known file.
+The `+-s+` flag tells `+sbctl+` to remember this path. In the future, if you modify any of those files, you can just issue `+sbctl sign-all+` to check and resign every known file.
 
 Warning: Ensure that `+sbctl verify+` validates your boot files before rebooting! If you reboot without signing your files, your system will refuse to boot, now that the certificates are registered.