Update appendix.adoc
Co-authored-by: Paul Donahue <[email protected]>
Signed-off-by: Aote Jin <[email protected]>
AoteJin and pdonahue-ventana authored Sep 25, 2024
1 parent 517d8bb commit 9777bb5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion appendix.adoc
Expand Up @@ -7,7 +7,7 @@ This chapter explains the theory of operation for the External Debug Security Ex

As outlined in the specification, the dedicated debug security policy for a hart is enforced by platform state `nsecdbg`, hart's state `mdbgen`, and the `sdedbgalw` field inside the `msdcfg` CSR. Both the `nsecdbg` and `mdbgen` states can be accommodated in MMIO outside the harts, such as in the Debug Module registers, or implemented as fuses.

The security control logic validates all debug requests and triggers (with action=1) firing/matching based on `nsecdbg`, `mdbgen`, `sdedbgalw` against the privilege level of the hart. Debug requests that fail validation will either be dropped or kept pending. Additionally, the platform-specific external trigger inputs must obey to platform constraints, which must be carefully handled by platform implementation.
The security control logic validates all debug requests and triggers (with action=1) firing/matching based on `nsecdbg`, `mdbgen`, and `sdedbgalw` against the privilege level of the hart. Debug requests that fail validation will either be dropped or kept pending. Additionally, the platform-specific external trigger inputs must obey platform constraints, which must be carefully handled by the platform implementation.

When `nsecdbg` is set to 0, the validation process involves two actors, which may lead to a potential Time-of-Check Time-of-Use (TOCTOU) issue. To mitigate this, the implementation must ensure that both the validation and execution of debug requests occur under the same privilege level and the same debug security policy. Failing to do so may allow debug requests to bypass security controls.
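
Review bot: In the rewritten sentence "Debug requests that fail validation will either be dropped or kept pending", the text still does not say which outcome applies in which case, and the following paragraph requires validation and execution to occur under the same privilege level and the same debug security policy. Suggest stating here, or pointing to the normative section that states it, whether a request that is kept pending is validated again at the point it is finally taken, so that a pending request cannot be read as exempt from the TOCTOU requirement below. While this paragraph is being touched for grammar, the unchanged context line above it still reads "hart's state `mdbgen`" without an article; "the hart's state `mdbgen`" would match the fix to "the platform implementation".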
