Mention how config checks are generated from historical information about config symbols

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

docs/architecture/config-check-framework.md

@@ -130,6 +130,10 @@ The checks are generated by `scripts/generate_config_checks.py` in each project.
 
 The generation happens before build time as part of `make generated_files` or similar.
 
+### Use of historical configuration information
+
+The generated checks are based at least in part on historical information about what configuration options and derived macros existed in previous versions of the library. This historical information is stored in the [`history`](https://github.com/Mbed-TLS/mbedtls-framework/tree/main/history) directory of the framework repository. It can be created with [`scripts/save_config_history.sh`](https://github.com/Mbed-TLS/mbedtls-framework/blob/main/scripts/save_config_history.sh).
+
 ## Validation
 
 Each project contains a script `tests/scripts/test_generate_config_checks.py` which is invoked by `all.sh`.
@@ -140,4 +144,6 @@ The config check tests include some basic unit tests around the code generation,
 
 ### Checks for forbidden configurations
 
-The config check tests can validate that certain configurations are forbidden. This includes configurations that are forbidden by [manually written checks](#manually-written-checks).
+The config check tests can validate that certain configurations are forbidden.
+
+The config check tests work by attempting to compile <code><em>LIBRARY\_DIRECTORY</em>/<em>PROJECT\_NAME</em>_config.c</code> which includes both [manually written checks](#manually-written-checks) and [generated checks](#generated-checks). Both preprocessor `#error` and `static_assert` can be detected.