Make the FIPS option clear

doc/sonic-build-system/SONiC-OpenSSL-FIPS-140-3.md

@@ -84,7 +84,7 @@ export OPENSSL_CONFIG=/usr/lib/ssl/openssl-fips.cnf
 
 ## OpenSSL FIPS 140-3
 
-![FIPS Overview!](images/fips-overview.png)
+![FIPS Overview](images/fips-overview.png)
 
 ### OpenSSL Engine
 OpenSSL supports engine cryptographic modules in the form of engine objects, and provides a reference-counted mechanism to allow them to be dynamically loaded in and out of the running application. An engine object can implement one or all cryptographic algorithms.
@@ -112,7 +112,7 @@ default_algorithms = ALL
 ```
 
 ### OpenSSL configuration enhancement
-When fips=1 is set in /proc/cmdline, the OpenSSL default config file is changed to "/usr/lib/ssl/openssl-fips.cnf".
+When fips=1 is set in /proc/cmdline, the OpenSSL default config file is changed to "/usr/lib/ssl/openssl-fips.cnf", otherwise, the config file "/usr/lib/ssl/openssl-fips.cnf" is used.
 
 ### SymCrypt OpenSSL Engine debian package
 Provide SymCrypt OpenSSL debian package.
@@ -137,4 +137,6 @@ Golang has its own cryptographic module (see [crypto](https://github.com/golang/
 To support FIPS for Golang, RedHat offers an alternative solution (see [here](https://developers.redhat.com/blog/2019/06/24/go-and-fips-140-2-on-red-hat-enterprise-linux)), it builds on top of the Golang's dev.bringcrypt branches, has ability to call into OpenSSL, not BoringSSL. SONiC can reuse the RedHat sulotion, one difference is that RedHat supports FIPS for OpenSSL directly, SONiC uses OpenSSL Engine.
 
 How OpenSSL Engine works in Golang?
-![Golang API!](images/golang-api.png)
+![Golang API](images/golang-api.png)
+
+When FIPS enabled, both of the BoringSSL Enable Option and the SymCrypt Enabled option will be set.