- Wording update for non-ISA extension
AoteJin committed Jun 28, 2024
1 parent 2218567 commit 863df23
Showing 2 changed files with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions chapter3.adoc
@@ -1,31 +1,31 @@
[[dmsext]]
== Debug Module Security Extension (non-ISA extension)

This chapter outlines the security enhancements defined for the Debug Module as non-ISA extension. The debug operations listed below are modified by the non-ISA extension. All features in this chapter must be implemented in Debug Module to achieve external debug security.
This chapter outlines the security enhancements defined for the Debug Module as non-ISA extension. The debug operations listed below are modified by the non-ISA extension. All features in this chapter must be implemented in Debug Module to achieve external debug security. If any hart in the system implements the Sdec extension, the Debug Module must also implement the non-ISA extension.

* Halt
* Reset
* Keepalive request
* Issuing abstract commands (Access Register, Quick Access, Access Memory)
* System bus access

=== Debug Module Security Extension Discovery
=== External Debug Security Extensions Discovery

The Debug Module Security Extension imposes security constraints and introduces non-backward-compatible changes. The presence of the Debug Module Security Extension can be determined by polling the `allsecured/anysecured` bits in dmstatus <<regdmstatus>>.
The ISA and non-ISA external debug security extensions impose security constraints and introduce non-backward-compatible changes. The presence of the extensions can be determined by polling the `allsecured` or/and `anysecured` bits in dmstatus <<regdmstatus>>. If the field `allsecured` or `anysecured` is set to 1, it represents that all or any selected harts adopt the Sdsec extension. When any hart adopts the Sdsec extension, it indicates the Debug Module implements Debug Module Security Extension as described in this chapter.

=== Halt

The halt behavior for a hart is detailed in <<sdsecextdbg>>. According to _The RISC-V Debug Specification_, a halt request must be responded within one second. However, this constraint must be eliminated as the request might be pending due to the situations where debugging is disallowed. Additionally, when machine mode is not permitted (mdbgen[i] set to 0) to engage in debugging, the halt-on-reset (resethaltreq) operation must fail and raise security fault error. The debugger could check the error by polling `allsecfault/anysecfault` fields in dmstatus for selected harts, as specified in <<regdmstatus>>.
The halt behavior for a hart is detailed in <<sdsecextdbg>>. According to _The RISC-V Debug Specification_, a halt request must be responded within one second. However, this constraint must be eliminated as the request might be pending due to the situations where debugging is disallowed. Additionally, when machine mode is not permitted (mdbgen[i] set to 0) to engage in debugging, the halt-on-reset (resethaltreq) operation must fail and raise security fault error. The debugger could check the error by polling `allsecfault` or/and `anysecfault` fields in dmstatus for selected harts, as specified in <<regdmstatus>>.

=== Reset

The hartreset operation resets selected harts. This operation must be prohibited when machine mode is not allowed to be debugged. The security fault error will be raised if the operation is issued when mdbgen[i] is 0. The debugger could monitor the error by polling `allsecfault/anysecfault` in dmstatus.
The hartreset operation resets selected harts. This operation must be prohibited when machine mode is not allowed to be debugged. The security fault error will be raised if the operation is issued when mdbgen[i] is 0. The debugger could monitor the error by polling `allsecfault` or/and `anysecfault` in dmstatus.

The ndmreset operation is a system-level reset not tied to hart privilege levels and reset the entire system (excluding the Debug Module). It can only be secured by the system. Thus, it must be de-featured. The debugger can determine support for the ndmreset operation by setting the field to 1 and subsequently verifying the returned value upon reading.

=== Keepalive

The keepalive operation serves as an optional request for the hart to remain available for debugger. It is only allowed when machine mode is permitted to debug. Otherwise, it causes a security fault error when mdbgen[i] is 0, indicated by `allsecfault/anysecfault` bits in dmstatus.
The keepalive operation serves as an optional request for the hart to remain available for debugger. It is only allowed when machine mode is permitted to debug. Otherwise, it causes a security fault error when mdbgen[i] is 0, indicated by `allsecfault` or/and `anysecfault` bits in dmstatus.

=== Abstract Commands
The hart response to abstract commands is detailed in <<sdsecextdbg>>. The following subsection delineates the constraints when the Debug Module issues the abstract commands.
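Review bot: the sentence added to the chapter introduction names the hart-side extension "Sdec", while the new Discovery paragraph in the same hunk calls it "Sdsec"; the two must refer to the same extension, so one of them is a typo and the added sentence should read "If any hart in the system implements the Sdsec extension, the Debug Module must also implement the non-ISA extension." (or the reverse, whichever is the defined name). The "or/and" phrasing introduced in four places ("`allsecured` or/and `anysecured`", "`allsecfault` or/and `anysecfault`") is non-standard English; "and/or" is the usual form, but in a normative text it is clearer to say which bit the debugger should check: `anysecured` (or `anysecfault`) to learn whether any selected hart is affected, `allsecured` (or `allsecfault`) to learn whether all of them are. Minor: "a halt request must be responded within one second" in the Halt paragraph should be "responded to within one second".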
@@ -50,9 +50,9 @@ Trusted entities like RoT should configure IOPMP or equivalent protection before

=== Security Fault Error Reporting

A dedicated error code, security fault error (cmderr 6), is included in `cmderr` of abstractcs (at 0x16 in Debug Module). Misconfigurations of the dcsr and issuance of abstract commands under disallowed circumstance will signify such an error. Additionally, the bus security fault error (sberror 6) is introduced in `sberror` of sbcs (at 0x38 in Debug Module) to denote errors related to system bus access.
A dedicated error code, security fault error (cmderr 6), is included in `cmderr` of abstractcs (at 0x16 in Debug Module). Misconfigurations of the dcsr and issuance of abstract commands under disallowed circumstance can signify such an error. Additionally, the bus security fault error (sberror 6) is introduced in `sberror` of sbcs (at 0x38 in Debug Module) to denote errors related to system bus access.

The error raised by resethaltreq, reset and keepalive can be identified through the fields `allsecfault/anysecfault` in dmstatus. The security fault errors must be detectable prior to any subsequent read of the register responsible for reporting the error. Error statuses are internally maintained for each hart, with the `allsecfault/anysecfault` fields indicating the error status of the currently selected harts. Any error indicated by `allsecfault/anysecfault` remains until updated through a successful resethaltreq, reset or keepalive operation.
The error raised by resethaltreq, reset and keepalive can be identified through the fields `allsecfault` and `anysecfault` in dmstatus. The security fault errors must be detectable prior to any subsequent read of the register responsible for reporting the error. Error statuses are internally maintained for each hart, with the `allsecfault` and `anysecfault` fields indicating the error status of the currently selected harts. Any error indicated by `allsecfault` and `anysecfault` remains until updated through a successful resethaltreq, reset or keepalive operation.

[NOTE]
While the resethaltreq, reset, and keepalive operations can potentially take a significant amount of time to complete depending on the implementation, the error status can be immediately reported via following read of `allsecfault/anysecfault` if the operation is prohibited. Therefore, if a read of `allsecfault/anysecfault` indicates no error, it suggests that the operation is allowed and either currently in progress or has been successfully executed.
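Review bot: this hunk rewrites `allsecfault/anysecfault` as "`allsecfault` and `anysecfault`", but the NOTE block in the trailing context still uses `allsecfault/anysecfault`, and the Halt, Reset and Keepalive paragraphs in the first hunk now say "`allsecfault` or/and `anysecfault`"; the chapter should use one form throughout. Also, changing "will signify such an error" to "can signify such an error" turns a statement of required behaviour into a mere possibility: if misconfiguring dcsr or issuing an abstract command under disallowed circumstances must always report cmderr 6, keep "will" (or the normative "must"); if some implementations are allowed to report a different error, state that explicitly rather than leaving it ambiguous.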
Binary file modified external-debug-security.pdf
Binary file not shown.

0 comments on commit 863df23