Addressed Fenrir's comments

Author: danielinux

src/update_disk.c

@@ -375,7 +375,8 @@ void RAMFUNCTION wolfBoot_start(void)
             uint32_t cur_ver = selected ? (uint32_t)pB_ver : (uint32_t)pA_ver;
             if ((max_ver > 0U) && (cur_ver < max_ver)) {
                 wolfBoot_printf("Rollback to lower version not allowed\r\n");
-                break;
+                wolfBoot_panic();
+                return;
             }
         }
 #endif
@@ -509,6 +510,7 @@ void RAMFUNCTION wolfBoot_start(void)
 #endif
         wolfBoot_printf("Unable to find a valid partition!\r\n");
         wolfBoot_panic();
+        return;
     }
 
     disk_close(BOOT_DISK);

src/update_flash_hwswap.c

@@ -62,7 +62,7 @@ void RAMFUNCTION wolfBoot_start(void)
         if ((max_v > 0U) && (active_v < max_v)) {
             wolfBoot_printf("Rollback to lower version not allowed\n");
             boot_panic();
-            continue;
+            return;
         }
 #endif
         if ((wolfBoot_open_image(&fw_image, active) < 0)

tools/unit-tests/unit-update-disk.c

@@ -301,7 +301,8 @@ START_TEST(test_update_disk_rejects_rollback_after_higher_image_failure)
 
     wolfBoot_start();
 
-    ck_assert_int_eq(wolfBoot_panicked, 1);
+    ck_assert_int_gt(wolfBoot_panicked, 0);
+    ck_assert_int_eq(mock_do_boot_called, 0);
 }
 END_TEST
 

tools/unit-tests/unit-update-ram.c

@@ -438,6 +438,26 @@ START_TEST (test_emergency_rollback_to_older_version_denied) {
     cleanup_flash();
 }
 
+START_TEST (test_dualboot_candidate_rejects_testing_rollback_to_lower_version) {
+    uint8_t testing_flags[5] = { IMG_STATE_TESTING, 'B', 'O', 'O', 'T' };
+    int candidate;
+
+    reset_mock_stats();
+    prepare_flash();
+    add_payload(PART_BOOT, 2, TEST_SIZE_SMALL);
+    add_payload(PART_UPDATE, 1, TEST_SIZE_SMALL);
+
+    ext_flash_unlock();
+    ext_flash_write(WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 5,
+            testing_flags, 5);
+    ext_flash_lock();
+
+    candidate = wolfBoot_dualboot_candidate();
+    ck_assert_int_eq(candidate, -1);
+    ck_assert_uint_eq(wolfBoot_current_firmware_version(), 0U);
+    cleanup_flash();
+}
+
 START_TEST (test_emergency_rollback_failure_due_to_bad_update) {
     uint8_t testing_flags[5] = { IMG_STATE_TESTING, 'B', 'O', 'O', 'T' };
     uint8_t wrong_update_magic[4] = { 'G', 'O', 'L', 'F' };
@@ -514,6 +534,8 @@ Suite *wolfboot_suite(void)
     TCase *update_toolarge = tcase_create("Update too large");
     TCase *invalid_sha = tcase_create("Invalid SHA digest");
     TCase *emergency_rollback = tcase_create("Emergency rollback");
+    TCase *dualboot_candidate_rollback_denied =
+        tcase_create("Dualboot candidate rollback denied");
     TCase *emergency_rollback_failure_due_to_bad_update = tcase_create("Emergency rollback failure due to bad update");
     TCase *empty_boot_partition_update = tcase_create("Empty boot partition update");
     TCase *empty_boot_but_update_sha_corrupted_denied = tcase_create("Empty boot partition but update SHA corrupted");
@@ -534,6 +556,8 @@ Suite *wolfboot_suite(void)
     tcase_add_test(update_toolarge, test_update_toolarge);
     tcase_add_test(invalid_sha, test_invalid_sha);
     tcase_add_test(emergency_rollback, test_emergency_rollback_to_older_version_denied);
+    tcase_add_test(dualboot_candidate_rollback_denied,
+        test_dualboot_candidate_rejects_testing_rollback_to_lower_version);
     tcase_add_test(emergency_rollback_failure_due_to_bad_update, test_emergency_rollback_failure_due_to_bad_update);
     tcase_add_test(empty_boot_partition_update, test_empty_boot_partition_update);
     tcase_add_test(empty_boot_but_update_sha_corrupted_denied, test_empty_boot_but_update_sha_corrupted_denied);
@@ -554,6 +578,7 @@ Suite *wolfboot_suite(void)
     suite_add_tcase(s, update_toolarge);
     suite_add_tcase(s, invalid_sha);
     suite_add_tcase(s, emergency_rollback);
+    suite_add_tcase(s, dualboot_candidate_rollback_denied);
     suite_add_tcase(s, emergency_rollback_failure_due_to_bad_update);
     suite_add_tcase(s, empty_boot_partition_update);
     suite_add_tcase(s, empty_boot_but_update_sha_corrupted_denied);
@@ -574,6 +599,7 @@ Suite *wolfboot_suite(void)
     tcase_set_timeout(update_toolarge, 5);
     tcase_set_timeout(invalid_sha, 5);
     tcase_set_timeout(emergency_rollback, 5);
+    tcase_set_timeout(dualboot_candidate_rollback_denied, 5);
     tcase_set_timeout(emergency_rollback_failure_due_to_bad_update, 5);
     tcase_set_timeout(empty_boot_partition_update, 5);
     tcase_set_timeout(empty_boot_but_update_sha_corrupted_denied, 5);