From 99613c672f7907289954fcab54df4e9901e052e2 Mon Sep 17 00:00:00 2001
From: Michael Grand
Date: Tue, 20 Jun 2023 15:01:00 +0200
Subject: [PATCH] bootutil: fix downgrade prevention

Downgrade prevention check moved to secure both TEST and PERMANENT upgrade modes. Downgrade can still be performed during REVERT.

Signed-off-by: Michael Grand
---
 boot/bootutil/src/loader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 270b0d60..5f99f002 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -2130,13 +2130,14 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
 break;
 case BOOT_SWAP_TYPE_TEST:
+ /* fallthrough */
+ case BOOT_SWAP_TYPE_PERM:
 if (check_downgrade_prevention(state) != 0) {
 /* Downgrade prevented */
 BOOT_SWAP_TYPE(state) = BOOT_SWAP_TYPE_NONE;
 break;
 }
 /* fallthrough */
- case BOOT_SWAP_TYPE_PERM:
 /* fallthrough */
 case BOOT_SWAP_TYPE_REVERT:
 rc = BOOT_HOOK_CALL(boot_perform_update_hook, BOOT_HOOK_REGULAR, BOOT_CURR_IMG(state), &(BOOT_IMG(state, 1).hdr),
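Review bot: On the new side two `/* fallthrough */` comments now sit back to back above `case BOOT_SWAP_TYPE_REVERT:`, and nothing in the code records that REVERT bypasses `check_downgrade_prevention()` on purpose. That intent is stated only in the commit message, so a later reader auditing the switch cannot tell a deliberate exemption from an oversight. I would drop the leftover comment and replace it with something like `/* fallthrough: REVERT restores the previous image, so the downgrade check is intentionally skipped */`. The switch begins and ends outside this hunk, so whether any other swap type reaches `boot_perform_update_hook` without the check cannot be confirmed from here and is worth verifying in the full function.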