Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md
index 8cc7098..074acc0 100644
--- a/docs/4.0-migration-guide/error-codes.md
+++ b/docs/4.0-migration-guide/error-codes.md
@@ -25,4 +25,4 @@
| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`
| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
-See also the corresponding section in the TF-PSA-Crypto migration guide, which lists errors from cryptography modules.
+See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md
index e4f293d..7d7bfee 100644
--- a/docs/4.0-migration-guide/psa-only.md
+++ b/docs/4.0-migration-guide/psa-only.md
@@ -4,7 +4,7 @@
### Impact on application code
-The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
+The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake.