From 561372fedde568ec80b464e489d31eb0d2d4dcab Mon Sep 17 00:00:00 2001
From: PRugg-Cap <163563269+PRugg-Cap@users.noreply.github.com>
Date: Thu, 22 Aug 2024 22:46:21 +0100
Subject: [PATCH] Clarify sealed mepcc behaviour (#347)

Fixes https://github.com/riscv/riscv-cheri/issues/344

Co-authored-by: Tariq Kurd <tariq.kurd@codasip.com>
---
 src/riscv-integration.adoc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/riscv-integration.adoc b/src/riscv-integration.adoc
index a378372b..755d7921 100644
--- a/src/riscv-integration.adoc
+++ b/src/riscv-integration.adoc
@@ -537,9 +537,10 @@ include::img/mepccreg.edn[]
 Capabilities written to <<mepcc>> must be legalised by implicitly zeroing bit
 **mepcc[0]**. Additionally, if an implementation allows IALIGN to be
 either 16 or 32, then whenever IALIGN=32, the capability read from <<mepcc>>
-must be legalised by implicitly zeroing bit **mepcc[1]**. Therefore, the
+must be legalised by implicitly zeroing **mepcc[1]**. Therefore, the
 capability read or written has its tag bit cleared if the legalised address is
-not within the <<section_cap_representable_check>>.
+not within the <<section_cap_representable_check>> or if the legalisation
+changes the address and the capability is sealed.
 
 NOTE: When reading or writing a sealed capability in <<mepcc>>, the
 tag is not cleared if the original address equals the legalized