HAB Secure Boot Implementation on i.MX6

I’m working on enabling HAB (High Assurance Boot) on an i.MX6D board. U-Boot is signed and is in Open mode, but during the boot process, I see the following log:

selecting dtb file for el....
Using boot/uImage-imx6.dtb...
48129 bytes read in 4 ms (11.5 MiB/s)
hab fuse not enabled

Authenticate image from DDR location 0x12800000...
bad magic magic=0xff length=0xffff version=0xff
bad length magic=0xff length=0xffff version=0xff
bad version magic=0xff length=0xffff version=0xff
Error: Invalid IVT structure

and also, this output:

=> hab_status

Secure boot disabled
prefetch abort
pc : [<00007b50>]          lr : [<8ef790d9>]
reloc pc : [<88891b50>]    lr : [<178030d9>]
sp : 8df68a28  ip : 8ef79249     fp : 00000001
r10: 8effb030  r9 : 8df75ea0     r8 : 00000000
r7 : 8ef976f9  r6 : 8df7a6a8     r5 : 00000000  r4 : 8eff876c
r3 : 00007b55  r2 : 00000001     r1 : 8df68a34  r0 : 8df68a30
Flags: nzCv  IRQs off  FIQs off  Mode SVC_32 (T)
Code: f004 fe4d 4604 4620 (b004) e562 
Resetting CPU ...

The system continues to boot, but HAB reports this Error: Invalid IVT structure, my questions are:

• Do we need to sign the kernel image also for HAB secure boot in open mode?
• What is the recommended memory map and IVT placement for signing.
• why is this Error: Invalid IVT structure.