Freescale, High Availability Boot, and U-Boot secure boot

Freescale Semiconductor, Inc. has a few Application Notes on their implementations of a U-Boot-based Secure Boot. One of these app notes is only a few days old. Excerpt:

Secure Boot on i.MX50, i.MX53, and i.MX 6 Series using HABv4

Executing trusted and authentic code on an applications processor starts with securely booting the device. The i.MX family of applications processors provides this capability with the High Availability Boot (HAB) component of the on-chip ROM. The ROM is responsible for loading the initial program image from the boot medium. HAB enables the ROM to authenticate the program image by using digital signatures. This initial program image is usually a bootloader. HAB provides a mechanism to establish a root of trust for the remaining software components and establishes a secure state on the i.MX IC’s secure state machine in hardware. The purpose of this application note is to provide a secure boot reference for i.MX applications processors that include HABv4. It demonstrates an example for generating a signed U-Boot image and configuring the IC to run securely. It is assumed that the reader is familiar with the basics of digital signatures and public key certificates.

This document covers secure boot using i.MX6. HABv4 is present on the following i.MX processors: i.MX50, i.MX53, and i.MX 6 Series. This document applies to all HABv4 processors. Secure boot features for other processors, such as i.MX25, i.MX35, and i.MX51, which use HABv3, are documented in Secure Boot on i.MX25, i.MX35, and i.MX51 using HAB3 application note (document AN4547). Secure boot features for i.MX28 are documented in Secure Boot with i.MX28 HAB v4 application note (document AN4555). i.MX28 supports HABv4, but its boot architecture is significantly different from other processors in the i.MX family.

More information:

AN4581.pdf

AN4547.pdf

AN4555.pdf