Clarify rollback index protection in README.md file.
It was pointed out "Additionally, the rollback indexes in the verified
image must not exceed those stored on the device" was ambigious so
rephrase for clarification.
Bug: None
Test: All unit tests pass.
Change-Id: I2f8e89beef4aa42f4b844390c8053f6f775fec2b
diff --git a/README.md b/README.md
index 8421383..31d579b 100644
--- a/README.md
+++ b/README.md
@@ -628,10 +628,11 @@
* If the device is LOCKED, only an OS signed by an embedded
verification key (see the previous section) shall be
- accepted. Additionally, the rollback indexes in the verified image
- must not exceed those stored on the device and
- `stored_rollback_index[n]` on the device are expected to be updated
- as specified in the previous section.
+ accepted. Additionally, `rollback_index[n]` as stored in the
+ verified image must be greater or equal than what's in
+ `stored_rollback_index[n]` on the device (for all `n`) and the
+ `stored_rollback_index[n]` array is expected to be updated as
+ specified in the previous section.
+ If the key used for verification was set by the end user, and
the device has a screen, it must show a warning with the key
fingerprint to convey that the device is booting a custom
