I am trying to build an encrypted U-Boot image on the imx8mm EVK. I followed the document mx8m_encrypted_boot.txt. I got an error message when booting from the U-Boot image:
I am using <CST 3.31 folder>linux64/cst, which should support encrypted boot. Could you confirm whether it supports the encryption function?
U-Boot SPL 2021.04-dirty (Aug 11 2021 - 17:15:21 +0800)
DDRINFO: start DRAM init
DDRINFO: DRAM rate 3000MTS
DDRINFO:ddrphy calibration done
DDRINFO: ddrmix config done
SEC0: RNG instantiated
Normal Boot
Trying to boot from MMC1
hab fuse not enabled
Authenticate image from DDR location 0x401fcdc0...
"Synchronous Abort" handler, esr 0x02000000
elr: 0000000000920000 lr : 00000000007e2d58
x 0: 0000000000917e00 x 1: 0000000000000002
x 2: 0000000047e69f9a x 3: 0000000000000000
x 4: 0000000000000001 x 5: 0000000000000040
x 6: 0000000000000000 x 7: 0000000000000000
x 8: 0000000000000000 x 9: 00000000000000cc
x10: 00000000000000f0 x11: 00000000000001fe
x12: 0000000000000000 x13: 0000000000000000
x14: 00000000000000ff x15: 0000000000000020
x16: 0000000000000000 x17: 000000001ac64259
x18: 0000000000917e50 x19: 0000000000920000
x20: 0000000000917de8 x21: 00000000007fa100
x22: 00000000007fa0e8 x23: 00000000deadbeef
x24: 00000000007f1c3e x25: 0000000000000005
x26: 00000000007f1c26 x27: 0000000072000000
x28: 0000000000000000 x29: 0000000000917d60
Code: 8750d8cc 86c0bc2b f32510f0 bc89c292 (09247307)
Resetting CPU ...
imx-mkimage output:
========= OFFSET dump =========
Loader IMAGE:
header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2d800
spl hab block: 0x7e0fc0 0x0 0x2d800
Second Loader IMAGE:
sld_header_off 0x57c00
sld_csf_off 0x58c20
sld hab block: 0x401fcdc0 0x57c00 0x1020
TEE_LOAD_ADDR=0xbe000000 ATF_LOAD_ADDR=0x00920000 VERSION=v1 ./print_fit_hab.sh 0x60000 evk.dtb
0x40200000 0x5AC00 0xED8D0
0x402ED8D0 0x1484D0 0xC730
0x920000 0x154C00 0xB160
0xBE000000 0x15FD60 0x203E60
I am using the procedure below to create the encrypted U-Boot image:
cp flash.bin flash-spl-enc.bin
../linux64/bin/cst -i csf_spl_enc.txt -o csf_spl_enc.bin
cp flash-spl-enc.bin flash-spl-enc-dummy.bin
../linux64/bin/cst -i csf_spl_sign_enc.txt -o csf_spl_sign_enc.bin
dd if=csf_spl_enc.bin of=noncemac.bin bs=1 skip=2648 count=36
dd if=noncemac.bin of=csf_spl_sign_enc.bin bs=1 seek=2648 count=36
cp flash-spl-enc.bin flash-spl-fit-enc.bin
../linux64/bin/cst -i csf_fit_enc.txt -o csf_fit_enc.bin
cp flash-spl-fit-enc.bin flash-spl-fit-enc-dummy.bin
../linux64/bin/cst -i csf_fit_sign_enc.txt -o csf_fit_sign_enc.bin
dd if=csf_fit_enc.bin of=noncemac.bin bs=1 skip=2664 count=36
dd if=noncemac.bin of=csf_fit_sign_enc.bin bs=1 seek=2688 count=36
mmc list
=> fatload mmc 1:1 0x40400000 dek_spl.bin
=> dek_blob 0x40400000 0x40401000 128
=> fatwrite mmc 1:1 0x40401000 dek_spl_blob.bin 0x48
=> fatload mmc 1:1 0x40402000 dek_fit.bin
=> dek_blob 0x40402000 0x40403000 128
=> fatwrite mmc 1:1 0x40403000 dek_fit_blob.bin 0x48
cp flash-spl-fit-enc.bin encrypted-flash.bin
dd if=csf_spl_sign_enc.bin of=encrypted-flash.bin seek=$((0x2d800)) bs=1 conv=notrunc
dd if=dek_spl_blob.bin of=encrypted-flash.bin seek=$((0x2f800)) bs=1 conv=notrunc
dd if=csf_fit_sign_enc.bin of=encrypted-flash.bin seek=$((0x58c20)) bs=1 conv=notrunc
dd if=dek_fit_blob.bin of=encrypted-flash.bin seek=$((0x363bc0)) bs=1 conv=notrunc
sudo dd if=encrypted-flash.bin of=/dev/sde bs=1K seek=33 && sync
Attached here are all the CSF files.
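Added example, not part of the original post and not NXP's code: a shell check that derives the four insertion offsets from the imx-mkimage OFFSET dump and the print_fit_hab.sh output quoted above, then compares them with the seek values in the dd commands. The two DEK blob placement rules (csf_off + 0x2000 for SPL, end of the last FIT block for FIT) are assumptions that match the numbers in the post and should be confirmed against mx8m_encrypted_boot.txt; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed inputs: the OFFSET dump fields and print_fit_hab.sh lines quoted in the post.
MKIMAGE_DUMP='header_image_off 0x0
dcd_off 0x0
image_off 0x40
csf_off 0x2d800
sld_header_off 0x57c00
sld_csf_off 0x58c20'
FIT_HAB='0x40200000 0x5AC00 0xED8D0
0x402ED8D0 0x1484D0 0xC730
0x920000 0x154C00 0xB160
0xBE000000 0x15FD60 0x203E60'

# Print the value that follows field name $1 in the OFFSET dump.
dump_field() {
    printf '%s\n' "$MKIMAGE_DUMP" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Assumption: the SPL DEK blob sits 0x2000 bytes after csf_off.
spl_dek_off() {
    printf '0x%x\n' $(( $(dump_field csf_off) + 0x2000 ))
}

# Assumption: the FIT DEK blob starts where the last FIT block ends
# (file offset + length taken from the last print_fit_hab.sh line).
fit_dek_off() {
    set -- $(printf '%s\n' "$FIT_HAB" | tail -n 1)
    printf '0x%x\n' $(( $2 + $3 ))
}

# Compare one dd seek value ($2) with the derived offset ($3); $1 is the file name.
check_seek() {
    if [ $(( $2 )) -eq $(( $3 )) ]; then
        echo "ok       $1 seek=$2"
    else
        echo "MISMATCH $1 seek=$2 expected=$3"; return 1
    fi
}

# Arguments: seek values used for SPL CSF, SPL DEK blob, FIT CSF, FIT DEK blob.
verify_layout() {
    rc=0
    check_seek csf_spl_sign_enc.bin "$1" "$(dump_field csf_off)" || rc=1
    check_seek dek_spl_blob.bin "$2" "$(spl_dek_off)" || rc=1
    check_seek csf_fit_sign_enc.bin "$3" "$(dump_field sld_csf_off)" || rc=1
    check_seek dek_fit_blob.bin "$4" "$(fit_dek_off)" || rc=1
    return $rc
}

# Seek values taken from the dd commands in the post.
verify_layout 0x2d800 0x2f800 0x58c20 0x363bc0
```

Under those assumptions all four seek values in the post line up with the dumped layout, so this check only rules out a misplaced CSF or DEK blob; it says nothing about the CSF contents or the Nonce/MAC offsets.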
Hi Hong
Also, one can try to follow AN12056 Encrypted Boot on HABv4 and CAAM Enabled Devices
(not fully applicable to i.MX8M Mini but can be used as reference)
Best regards
igor
I know it's been a couple of years since, but has this been resolved? What are the root causes? I'm having a similar issue.
Thanks,
Mike