stm32mp: cmd_stm32key: add subcommand close

The expected sequence to close the device

1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>

At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.

3/ Close the device: only signed binary will be accepted !!
   STM32MP> stm32key close

Warning: Programming these OTP is an irreversible operation!
         This may brick your system if the HASH of key is invalid

This command should be deactivated by default in real product.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
1 file changed