We have no experience with secure boot as e.g. provided by the NXP HAB mechanisms.
You could refer to the ‘Security Reference Manual for i.MX 6’ and ‘AN4581 Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4’ available here for some additional information.
The U-Boot source tree we use provides code for generic verification of images and also some NXP specific extensions which may or may not be of use. However none of these are enabled in the binary U-Boot we provide.
e.g. have a look here and here.
Note that we now boot with an SPL, e.g. the bootrom loads SPL which then loads U-Boot.
Thus the bootrom would verify the SPL and you would need to add verification of the loaded U-Boot to SPL.
Please also have a look at our partner ‘Prove & Run’ which provides services which secure your embedded device.