Revert "Disallow UDS-rooted BCC"
This reverts commit 7e6a933d44c27f1579173cce9565bbbbe6374cef.
Reason for revert: We now truncate the received BCC in pvmfw, so this restriction is not needed.
Bug: 266172411
Change-Id: I1c294862352a93c74153627ac9a6812e80e90da7
diff --git a/pvmfw/README.md b/pvmfw/README.md
index 1eb7286..4e93648 100644
--- a/pvmfw/README.md
+++ b/pvmfw/README.md
@@ -197,20 +197,16 @@
that it differs from the `BccHandover` defined by the specification in that its
`Bcc` field is mandatory (while optional in the original).
-Ideally devices that fully implement DICE should provide a certificate rooted at
-the Unique Device Secret (UDS) in a boot stage preceding the pvmfw loader
-(typically ABL), in such a way that it would receive a valid `BccHandover`, that
-can be passed to [`BccHandoverMainFlow`][BccHandoverMainFlow] along with the
-inputs described below.
+Devices that fully implement DICE should provide a certificate rooted at the
+Unique Device Secret (UDS) in a boot stage preceding the pvmfw loader (typically
+ABL), in such a way that it would receive a valid `BccHandover`, that can be
+passed to [`BccHandoverMainFlow`][BccHandoverMainFlow] along with the inputs
+described below.
-However, there is a limitation in Android 14 that means that a UDS-rooted DICE
-chain must not be used for pvmfw. A non-UDS rooted DICE chain is recommended for
-Android 14.
-
-As an intermediate step towards supporting DICE throughout the software stack of
-the device, incomplete implementations may root the BCC at the pvmfw loader,
-using an arbitrary constant as initial CDI. The pvmfw loader can easily do so
-by:
+Otherwise, as an intermediate step towards supporting DICE throughout the
+software stack of the device, incomplete implementations may root the BCC at the
+pvmfw loader, using an arbitrary constant as initial CDI. The pvmfw loader can
+easily do so by:
1. Building a BCC-less `BccHandover` using CBOR operations
([example][Trusty-BCC]) and containing the constant CDIs