bootutil: fix downgrade prevention
The downgrade prevention check is moved so that it covers both
the TEST and PERMANENT upgrade modes. A downgrade can still be
performed during REVERT.
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 270b0d6..5f99f00 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -2130,13 +2130,14 @@
break;
case BOOT_SWAP_TYPE_TEST:
+ /* fallthrough */
+ case BOOT_SWAP_TYPE_PERM:
if (check_downgrade_prevention(state) != 0) {
/* Downgrade prevented */
BOOT_SWAP_TYPE(state) = BOOT_SWAP_TYPE_NONE;
break;
}
/* fallthrough */
- case BOOT_SWAP_TYPE_PERM: /* fallthrough */
case BOOT_SWAP_TYPE_REVERT:
rc = BOOT_HOOK_CALL(boot_perform_update_hook, BOOT_HOOK_REGULAR,
BOOT_CURR_IMG(state), &(BOOT_IMG(state, 1).hdr),