You may validate your image without burning SRK fuses. hab_status will report no warnings if image is properly signed, though SRK fuses are unprogrammed. Before closing device, you need to burn SRK fuses, because HAB check won’t succeed any more after device is closed. You may recheck hab_status again after fusing SRK, but not yet closing device. This time hab_status will as well validate your boot image including SRK table check.
You should keep in mind that you should never regenerate certificates and SRK table if you plan to update existing signed and closed device with newly signed bootloader. SRK key revocation only band one of the existing keys, which was used to generate SRK table. Anyway you won’t be able to change SRK fuses without bricking your device.
In addition to what @jeremias.tx wrote, not only flashed U-Boot needs to be properly signed, bus as well device recovery needs properly signed U-Boot image. For recovery you will need to sign U-Boot, which comes with Tezi. Recovery just won’t work until you sign U-Boot image used for recovery over USB.