You need to program a signed U-Boot before closing the device. Check the big warning in the 'Close the device' section:
Are you using an encrypted U-Boot? you can check the output of "trustfence status" to see if an encrypted U-Boot is being used.
The most common causes for that HAB event are:
1) The customer is trying to use encrypted kernel/DTB/bootscript with a signed-only (not-encrypted) U-Boot. Solution: Customer needs to flash an encrypted U-Boot file (using the trustfence update command, as documented)
2) The customer has changed the key index used but has updated only some artifacts (U-Boot updated but DTB/kernel/bootscript not updated, or the other way around). Solution: to ensure the same key is used, execute:
bitbake -c cleansstate u-boot linux-dey dey-image-qt core-image-base
and re-flash all artifacts (including U-Boot)