diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e6aae0dc..e2ffcb44e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,13 @@
 # OpenCore Legacy Patcher changelog
 
 ## 0.3.1
-- Allow for setting custom SIP values via TUI
 - Increment Binaries:
   - OpenCorePkg 0.7.4 release
   - RestrictEvents 1.0.5 release
+- Allow for setting custom SIP values via TUI
+- Drop `CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE` requirement for root patching
+  - Lowers default SIP Disabled value to 0xA03
+- Remove legacy GMUX patch set for MacBookPro5,x machines due to instabilites
 
 ## 0.3.0
 - Fix Nvidia Tesla Acceleration in Monterey Beta 7+
diff --git a/data/sip_data.py b/data/sip_data.py
index 7e174c849..c79ba3637 100644
--- a/data/sip_data.py
+++ b/data/sip_data.py
@@ -22,14 +22,17 @@ class system_integrity_protection:
         "CSR_ALLOW_UNTRUSTED_KEXTS",  #            0x1
         "CSR_ALLOW_UNRESTRICTED_FS",  #            0x2
         "CSR_ALLOW_UNAPPROVED_KEXTS",  #           0x200
-        "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",  # 0x400
     ]
 
     root_patch_sip_big_sur = [
         # Variables required to root patch in Big Sur and Monterey
         "CSR_ALLOW_UNTRUSTED_KEXTS",  #            0x1
-        "CSR_ALLOW_UNRESTRICTED_FS",  #            0x2
+        "CSR_ALLOW_UNRESTRICTED_FS",  #            0x2   - Required to mount and edit root volume, as well as load modded platform binaries
         "CSR_ALLOW_UNAPPROVED_KEXTS",  #           0x200
-        "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",  # 0x400
-        "CSR_ALLOW_UNAUTHENTICATED_ROOT",  #       0x800
+        "CSR_ALLOW_UNAUTHENTICATED_ROOT",  #       0x800 - Required to avoid KC mismatch kernel panic
     ]
+
+    # CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (introduced with Mojave):
+    # This bit is quite strange and was originally assumed to be required for modded platform binaries
+    # However after extensive testing, this doesn't seem true. In addition, this bit is never flipped via
+    # 'csrutil disable'. Usage within the kernel is not present.
\ No newline at end of file
diff --git a/resources/build.py b/resources/build.py
index 9258894ab..ef8c58f48 100644
--- a/resources/build.py
+++ b/resources/build.py
@@ -728,7 +728,7 @@ class BuildOpenCore:
             self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = utilities.string_to_hex(self.constants.custom_sip_value.lstrip("0x"))
         elif self.constants.sip_status is False:
             print("- Disabling SIP")
-            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("030E0000")
+            self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["csr-active-config"] = binascii.unhexlify("030A0000")
         # if self.constants.amfi_status is False:
         #     print("- Disabling AMFI")
         #     self.config["NVRAM"]["Add"]["7C436110-AB2A-4BBB-A880-FE41995C9F82"]["boot-args"] += " amfi_get_out_of_my_way=1"
diff --git a/resources/cli_menu.py b/resources/cli_menu.py
index 398cf8265..2c57187ed 100644
--- a/resources/cli_menu.py
+++ b/resources/cli_menu.py
@@ -165,7 +165,7 @@ Note: For security reasons, OpenShell will be disabled when Vault is set.
         print(
             f"""SIP is used to ensure proper secuirty measures are set,
 however to patch the root volume this must be disabled.
-Only disable is absolutely necessary. SIP value = 0xE03
+Only disable is absolutely necessary. SIP value = 0xA03
 
 Valid options:
 
@@ -776,7 +776,7 @@ the event there's issues.
         print(
             """
 By default OCLP will use the SIP value of 0x00 as the enabled and
-0xE03 for machines that require root patching. For users who wish
+0xA03 for machines that require root patching. For users who wish
 to flip additional bits in SIP may use this option.
 
 To disable SIP outright, set it to 0xFEF
diff --git a/resources/sys_patch.py b/resources/sys_patch.py
index ce825f1cd..76e93d5b5 100644
--- a/resources/sys_patch.py
+++ b/resources/sys_patch.py
@@ -760,9 +760,12 @@ set million colour before rebooting"""
             if self.constants.detected_os > self.constants.big_sur:
                 self.legacy_wifi = True
 
-        if self.model in ["MacBookPro5,1", "MacBookPro5,2", "MacBookPro5,3", "MacBookPro8,2", "MacBookPro8,3"]:
+        # if self.model in ["MacBookPro5,1", "MacBookPro5,2", "MacBookPro5,3", "MacBookPro8,2", "MacBookPro8,3"]:
+        if self.model in ["MacBookPro8,2", "MacBookPro8,3"]:
             # Sierra uses a legacy GMUX control method needed for dGPU switching on MacBookPro5,x
             # Same method is also used for demuxed machines
+            # Note that MacBookPro5,x machines are extremely unstable with this patch set, so disabled until investigated further
+            # Ref: https://github.com/dortania/OpenCore-Legacy-Patcher/files/7360909/KP-b10-030.txt
             if self.constants.detected_os > self.constants.high_sierra:
                 if self.model in ["MacBookPro8,2", "MacBookPro8,3"]:
                     # Ref: https://doslabelectronics.com/Demux.html
@@ -818,7 +821,7 @@ set million colour before rebooting"""
             sip_value = "For Hackintoshes, please set csr-active-config to '03060000' (0x603)\nFor non-OpenCore Macs, please run 'csrutil disable' in RecoveryOS"
         else:
             sip_value = (
-                "For Hackintoshes, please set csr-active-config to '030E0000' (0xE03)\nFor non-OpenCore Macs, please run 'csrutil disable' and \n'csrutil authenticated-root disable' in RecoveryOS"
+                "For Hackintoshes, please set csr-active-config to '030A0000' (0xA03)\nFor non-OpenCore Macs, please run 'csrutil disable' and \n'csrutil authenticated-root disable' in RecoveryOS"
             )
         self.sip_enabled, self.sbm_enabled, self.amfi_enabled, self.fv_enabled, self.dosdude_patched = utilities.patching_status(sip, self.constants.detected_os)
         if self.sip_enabled is True: