Add more description for firmware update.

Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

src/08-attestation.adoc

@@ -135,6 +135,11 @@ specification. It could be a pull mode with policy inside of TVM, such as
 reattestation every week. Or it could be an interrupt mode such as request
 triggered by the orchestrator.
 
+> **Note**
+> In this mode, the device can be updated before the TVM performs the
+reattestation, or just after TVM performs reattestation. If this is a
+concern, the TVM should choose no-update or pre-update attestation.
+
 ===== Pre-update attestation
 
 With post-update reattestation, there is a gap between update time and
@@ -153,6 +158,12 @@ Pre-update attestation gives a chance to unbind TDI before runtime update,
 while post-update reattestation can only unbind TDI after runtime update. That
 can remove the gap between update time and attestation time.
 
+> **Note**
+> In this mode, the device will perform updated anyway, no matter the TSM/TVM
+accept the new firmware update or not. If TSM or TVM cannot accept the new
+firmware, the TSM shall terminate the SPDM session with `END_SESSION`,
+but not acknowledge the event with `EVENT_ACK`.
+
 === Third party attesting the TVM with the device
 
 The third party must follow the CoVE defined attestation mechanism to perform