The rabbit hole goes a bit deeper: to QFPROM :)
There is a chain:
ABOOT ignores kernel signature errors if SMEM var 0x201 != "SBON"
var 0x201 is passed from SBL1 in the SMEM 0x88 block
SBL1 sets var 0x201 (and also DNAND field(0x18, 0)) to "SBON" (secure), "SBOF" (nonsecure) or "E_RF" (fuse read error, ok for us too), based on the QFPROM value at 0xFC4B83F8 (tested with a 0x202020 mask: any bit set is "SBON").
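
The chain described above, modelled as an added example (not code from SBL1 or ABOOT, and not part of the original post) to show why the "E_RF" case matters: a check of the form `!= "SBON"` fails open on a fuse read error. The function names and the fail-closed variant are assumptions for illustration, and the tags are kept as strings because the post does not give their in-memory encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QFPROM_SECBOOT_MASK 0x202020u   /* mask quoted in the post */

/* Hypothetical model of the SBL1 step: pick the tag stored in SMEM var 0x201
 * from the QFPROM word (0xFC4B83F8 in the post). */
static const char *sbl1_tag(int fuse_read_ok, uint32_t fuse_value)
{
    if (!fuse_read_ok)
        return "E_RF";                               /* fuse read error */
    return (fuse_value & QFPROM_SECBOOT_MASK) ? "SBON" : "SBOF";
}

/* ABOOT behaviour as the post describes it: signature errors are only
 * fatal when the tag is exactly "SBON", so "E_RF" disables enforcement. */
static int aboot_enforces(const char *tag)
{
    return strcmp(tag, "SBON") == 0;
}

/* Assumed fail-closed variant: only an explicit "SBOF" relaxes the check;
 * a read error or an unexpected tag keeps signature enforcement on. */
static int aboot_enforces_fail_closed(const char *tag)
{
    return strcmp(tag, "SBOF") != 0;
}

int main(void)
{
    /* Constructed sample inputs: {fuse read succeeded, QFPROM word}. */
    struct { int ok; uint32_t fuse; } cases[] = {
        {1, 0x000000}, {1, 0x000020}, {1, 0x200000}, {1, 0x101010}, {0, 0x202020},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const char *tag = sbl1_tag(cases[i].ok, cases[i].fuse);
        printf("read_ok=%d fuse=0x%06x tag=%s enforce=%d fail_closed=%d\n",
               cases[i].ok, (unsigned)cases[i].fuse, tag,
               aboot_enforces(tag), aboot_enforces_fail_closed(tag));
    }
    return 0;
}
```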