From dc21f4104ecb9ed66c36ee83ff34806303ed73e7 Mon Sep 17 00:00:00 2001 From: Tomasz Chyrowicz Date: Thu, 13 Nov 2025 15:35:28 +0100 Subject: [PATCH] [nrf fromtree] zephyr: Fix BOOT_DOWNGRADE_PREVENTION_CHOICE symbol The BOOT_DOWNGRADE_PREVENTION_CHOICE choice should not have a child Kconfig symbols defined inside it. Signed-off-by: Tomasz Chyrowicz (cherry picked from commit 496f74f318fb12b7e7437db4e8c5c8c429713728) --- boot/zephyr/Kconfig | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 95e51ff14..abdacae94 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -1123,6 +1123,16 @@ config MCUBOOT_DOWNGRADE_PREVENTION only protects against some attacks against version downgrades (for example, a JTAG could be used to write an older version). +config MCUBOOT_HW_DOWNGRADE_PREVENTION + bool "HW based downgrade prevention" + help + Prevent undesirable/malicious software downgrades. When this option is + set, any upgrade must have greater or equal security counter value. + Because of the acceptance of equal values it allows for software + downgrade to some extent. + +endchoice + config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER bool "Use image security counter instead of version number" depends on MCUBOOT_DOWNGRADE_PREVENTION 
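Review bot: The help text of `MCUBOOT_HW_DOWNGRADE_PREVENTION`, which this hunk makes the last member of the choice, does not say what makes the option hardware based or how it differs from `MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER`, whose visible help ends with almost the same sentence. Someone picking a choice member needs that difference spelled out, so I would add a sentence naming where the counter is kept. I would also state the effect of accepting equal values directly, for example `An image whose security counter equals the current value is still accepted, so the counter must be raised in every release that fixes a security issue.` The sibling `MCUBOOT_DOWNGRADE_PREVENTION` entry documents a limit of its protection (the JTAG example), and this entry would benefit from the same kind of statement. The choice header and the start of the preceding entry lie outside the hunk, so whether the choice is optional or has a default cannot be checked from here.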
@@ -1134,14 +1144,6 @@ config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER Because of the acceptance of equal values it allows for software downgrades to some extent. -config MCUBOOT_HW_DOWNGRADE_PREVENTION - bool "HW based downgrade prevention" - help - Prevent undesirable/malicious software downgrades. When this option is - set, any upgrade must have greater or equal security counter value. - Because of the acceptance of equal values it allows for software - downgrade to some extent. - config MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_LIMITED bool "HW based downgrade prevention counter has limited number of updates" depends on MCUBOOT_HW_DOWNGRADE_PREVENTION @@ -1165,8 +1167,6 @@ config MCUBOOT_HW_DOWNGRADE_PREVENTION_LOCK This prevents the application from accidental updates of the counter, that may invalidate the currently running image. -endchoice - config MCUBOOT_UUID_VID bool "Expect vendor unique identifier in image's TLV" help