chore: update prod-host-setup.md with arm physical counter info

Update a note about physical counter on ARM being reset instead of
directly passed through.

Signed-off-by: Egor Lazarchuk <yegorlz@amazon.co.uk>

Author: ShadowCurse

docs/prod-host-setup.md

@@ -328,13 +328,13 @@ For vendor-specific recommendations, please consult the resources below:
 - ARM:
   [Speculative Processor Vulnerability](https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability)
 
-##### [ARM only] Physical counter directly passed through to the guest
+##### [ARM only] VM Physical counter reset on VM boot
 
-On ARM, the physical counter (i.e `CNTPCT`) it is returning the
-[actual EL1 physical counter value of the host][1]. From the discussions before
-merging this change [upstream][2], this seems like a conscious design decision
-of the ARM code contributors, giving precedence to performance over the ability
-to trap and control this in the hypervisor.
+On ARM, Firecracker tries to reset the `CNTPCT` physical counter on VM boot.
+This is done in order to prevent VM from reading host physical counter value.
+Because this is only possible in kernels containing [this](https://lore.kernel.org/all/20230330174800.2677007-1-maz@kernel.org/)
+patch series (6.4 and newer) Firecracker does not fail if it cannot reset the counter
+and instead prints a warning message.
 
 ##### Verification