Fixes on documentation

- mandate a watchdog
- Prohibit simultaneous update of firmware/OS
- Strongly advise dual bank updates in case of a rollback bump

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

source/chapter1-about.rst

@@ -67,6 +67,9 @@ Assumptions
   components and multiplexing boot combinations can be very challenging.  In this document we treat
   the firmware as a single entity regardless of the components it comprises.
   Failing to update one of the components will lead to rollbacks of every affected component
+- Updating the firmware and the OS at the same time is prohibited.
+- A hardware watchdog must always be active at least in BL33.  It's advisable 
+  the watchdog is activated on earlier boot stages as well.
 
 .. [#UEFICapsuleUpdateNote] [UEFI]_ 2.8B § 23 - Firmware Update and Reporting
 
@@ -112,6 +115,12 @@ during an update.  If the secondary partition contains a valid firmware and the
 is unable to boot the device (e.g flash corruption),  the device is allowed to fallback on the
 secondary partition.
 
+If the update is going to update the rollback counters it's strongly advised to update both of the
+partitions.  In that case the upgrade process will run once to update the secondary partition.  Once
+that's finished and accepted,  the firmware update agent should update the former primary partition
+as well.  This process must not necessarily go through the entire update procedure.  Simply writing
+and verifying the firmware is enough.
+
 .. image:: images/rollback_protection_simple.png
   :width: 200px
   :align: center