diff --git a/.github/workflows/iot-gate-imx8-sb.yml b/.github/workflows/iot-gate-imx8-sb.yml
new file mode 100644
index 00000000..b1c4be57
--- /dev/null
+++ b/.github/workflows/iot-gate-imx8-sb.yml
@@ -0,0 +1,67 @@
+name: Compulab IOT-GATE-iMX8-SB
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      #- 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com+sign-api-key
+
+permissions:
+  id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
+  actions: read # We are fetching workflow run results of a merge commit when workflow is triggered by new tag, to see if tests pass
+  pull-requests: write # Read is required to fetch the PR that merged, in order to get the test results. Write is required to create PR comments for workflow approvals.
+  packages: read
+  contents: read
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@3a78c259d96823f6d31477f802cfde2b72bc3b5a
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: iot-gate-imx8
+      build-args: '--templates-path layers/meta-balena-hab'
+      # worker_type defaults to testbot
+      # worker_fleets defaults to balena/testbot-rig,balena/testbot-rig-partners,balena/testbot-rig-x86,balena/testbot-rig-partners-x86
+      test_matrix: >
+        {
+          "test_suite": ["os","cloud","hup"],
+          "environment": ["bm.balena-dev.com"],
+          "runs_on": [["ubuntu-latest"]],
+          "secure_boot": ["sb",""]
+        }
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com+sign-api-key for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+sign-api-key' }}
+      sign-image: true
diff --git a/.github/workflows/iot-gate-imx8.yml b/.github/workflows/iot-gate-imx8.yml
index 4b7d3ef1..90e3ec75 100644
--- a/.github/workflows/iot-gate-imx8.yml
+++ b/.github/workflows/iot-gate-imx8.yml
@@ -50,6 +50,7 @@ jobs:
     secrets: inherit
     with:
       machine: iot-gate-imx8
+      build-args: '--templates-path layers/meta-balena-imx8mm'
       # worker_type defaults to testbot
       # worker_fleets defaults to balena/testbot-rig,balena/testbot-rig-partners,balena/testbot-rig-x86,balena/testbot-rig-partners-x86
       test_matrix: >
diff --git a/.gitmodules b/.gitmodules
index 0b27580e..19b44a94 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -45,3 +45,6 @@
 	branch = honister
 [submodule "layers/meta-compulab-bsp"]
 	branch = honister
+[submodule "layers/meta-balena-hab"]
+	path = layers/meta-balena-hab
+	url = git@github.com:balena-os/meta-balena-hab.git
diff --git a/iot-gate-imx8-sb.coffee b/iot-gate-imx8-sb.coffee
new file mode 100644
index 00000000..642d8b8a
--- /dev/null
+++ b/iot-gate-imx8-sb.coffee
@@ -0,0 +1,52 @@
+deviceTypesCommon = require '@resin.io/device-types/common'
+{ networkOptions, commonImg, instructions } = deviceTypesCommon
+
+IOT_GATE_IMX8_FLASH = 'Insert USB STICK. Device will automatically boot from USB'
+ 
+postProvisioningInstructions = [
+        instructions.BOARD_SHUTDOWN
+        instructions.REMOVE_INSTALL_MEDIA
+        instructions.BOARD_REPOWER
+]
+ 
+module.exports =
+        version: 1
+        slug: 'iot-gate-imx8-sb'
+        name: 'Compulab IOT-GATE-iMX8 secure boot variant'
+        arch: 'aarch64'
+        state: 'released'
+ 
+        stateInstructions:
+                postProvisioning: postProvisioningInstructions
+ 
+        instructions: [
+                instructions.ETCHER_USB
+                instructions.EJECT_USB
+                instructions.FLASHER_WARNING
+                IOT_GATE_IMX8_FLASH
+        ].concat(postProvisioningInstructions)
+
+        gettingStartedLink:
+                windows: 'http://docs.balena.io/iot-gate-imx8-sb/nodejs/getting-started/#adding-your-first-device'
+                osx: 'http://docs.balena.io/iot-gate-imx8-sb/getting-started/#adding-your-first-device'
+                linux: 'http://docs.balena.io/iot-gate-imx8-sb/getting-started/#adding-your-first-device'
+
+        supportsBlink: false
+
+        yocto:
+                machine: 'iot-gate-imx8'
+                image: 'balena-image-flasher'
+                fstype: 'balenaos-img'
+                version: 'yocto-kirkstone'
+                deployArtifact: 'balena-image-flasher-iot-gate-imx8.balenaos-img'
+                compressed: true
+
+        options: [ networkOptions.group ]
+
+        configuration:
+                config:
+                        partition:
+                                primary: 1
+                        path: '/config.json'
+
+        initialization: commonImg.initialization
diff --git a/iot-gate-imx8-sb.svg b/iot-gate-imx8-sb.svg
new file mode 100644
index 00000000..529a7096
--- /dev/null
+++ b/iot-gate-imx8-sb.svg
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 25.2.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 56.7 68"
+   style="enable-background:new 0 0 56.7 68;"
+   xml:space="preserve"
+   sodipodi:docname="iot-gate-imx8-sb.svg"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+   id="defs38" /><sodipodi:namedview
+   id="namedview36"
+   pagecolor="#ffffff"
+   bordercolor="#666666"
+   borderopacity="1.0"
+   inkscape:showpageshadow="2"
+   inkscape:pageopacity="0.0"
+   inkscape:pagecheckerboard="0"
+   inkscape:deskcolor="#d1d1d1"
+   showgrid="false"
+   inkscape:zoom="10.926471"
+   inkscape:cx="28.417227"
+   inkscape:cy="34"
+   inkscape:window-width="1920"
+   inkscape:window-height="1008"
+   inkscape:window-x="1920"
+   inkscape:window-y="0"
+   inkscape:window-maximized="1"
+   inkscape:current-layer="layer1" />
+<style
+   type="text/css"
+   id="style2">
+	.st0{enable-background:new    ;}
+	.st1{fill:#474747;}
+	.st2{font-family:'SourceSansPro-SemiBold';}
+	.st3{font-size:10px;}
+	.st4{fill:#06AFEF;}
+	.st5{fill:#818385;}
+	.st6{fill:#0DB1EF;}
+	.st7{fill:#0BB0EF;}
+	.st8{fill:#14B3EF;}
+	.st9{fill:#0CB0EE;}
+	.st10{fill:#12B2EF;}
+	.st11{fill:#0EB1EF;}
+	.st12{fill:#2ABAF1;}
+	.st13{fill:#27B8F0;}
+</style>
+<text
+   class="st0"
+   id="text8"
+   x="6.0498829"
+   y="51.360497"><tspan
+     x="6.0498829"
+     y="51.360497"
+     class="st1 st2 st3"
+     id="tspan4">IOT-GATE </tspan><tspan
+     x="16.249882"
+     y="63.360497"
+     class="st1 st2 st3"
+     id="tspan6">iMX8</tspan></text>
+<g
+   id="_x36_Quoqn_1_">
+	<g
+   id="g32">
+		<path
+   class="st4"
+   d="M38.6,2.4c1.3,2.3,2.6,4.6,3.9,6.9c0.1,0.1,0.1,0.2,0.2,0.4c-0.3,0-0.5,0-0.7,0.1c-0.5,0.1-0.7-0.1-1-0.5    c-0.9-1.6-1.8-3.2-2.8-4.9c-0.2-0.4-0.4-0.5-1-0.5c-2.5,0.3-5,0.5-7.4,0.7c-3.1,0.3-6.2,0.6-9.3,1c-2.4,0.2-4.9,0.5-7.3,0.7    c-1.7,0.2-3.3,0.3-5.1,0.5c0.1,0.2,0.1,0.3,0.1,0.5c4.7,9.2,9.5,18.4,14.2,27.6c0.8,1.6,0.8,1.5,2.6,1.2c2.2-0.5,4.5-0.9,6.7-1.4    c0.3-0.1,0.6-0.1,0.8,0.2c0.8,0.7,1.6,1.4,2.5,2.2c-0.5,0.1-1,0.2-1.5,0.4c-3.6,0.8-7.1,1.6-10.7,2.4c-0.8,0.2-0.8,0.2-1.3-0.6    c-3.5-6.8-7-13.7-10.5-20.5c-1.7-3.2-3.3-6.5-5-9.7C6.1,8.8,5.9,8.7,5.8,8.5c0-0.2,0-0.4,0-0.6C6.2,7.3,6.6,6.7,7,6.2    c0.2-0.3,0.4-0.6,0.9-0.6c3.2-0.3,6.4-0.7,9.6-1c2.4-0.2,4.9-0.5,7.3-0.7c3.3-0.3,6.6-0.7,9.9-1c0.6-0.1,1.2-0.3,1.8-0.4    C37.2,2.4,37.9,2.4,38.6,2.4z"
+   id="path10" />
+		<path
+   class="st5"
+   d="M50.9,32.2c0,0.4,0,0.8,0,1.1c0,1.4,0,1.4-1.3,1.7c-3.9,0.9-7.9,1-11.8-0.3c-3.9-1.3-6.1-4.1-6.8-8.1    c-0.4-2.3-0.4-4.7,0.2-7c0.8-3.1,2.7-5.2,5.7-6.4c2.9-1.1,6-1.4,9.1-1c1.4,0.2,2.7,0.4,4.1,0.6c0.6,0.1,0.8,0.3,0.7,0.9    c0,0.6,0,1.2,0,1.8c-2.8-1-5.6-1.2-8.4-1c-1.5,0.1-2.9,0.4-4.2,1.1c-2.2,1-3.5,2.8-4,5.1c-0.5,2.2-0.4,4.4,0.2,6.6    c0.9,3,2.9,4.8,5.9,5.6c2.9,0.7,5.9,0.6,8.8-0.1C49.7,32.5,50.2,32.4,50.9,32.2z"
+   id="path12" />
+		<path
+   class="st6"
+   d="M21.4,12.3c-0.2,0.1-0.4,0.2-0.7,0.3c0.7,1.3,1.3,2.5,1.9,3.7c1.5,2.9,3,5.8,4.5,8.7c0.2,0.5,0.4,1.1,1.2,0.8    c0.1,0,0.3,0.2,0.3,0.3c0,0.2-0.1,0.6-0.2,0.6c-0.4,0.2-0.9,0.2-1.3,0.3c-0.1,0-0.3-0.2-0.4-0.3c-0.2-0.4-0.4-0.7-0.6-1.1    c-2-3.9-4-7.8-5.9-11.8C19.6,12.7,20,12.2,21.4,12.3z"
+   id="path14" />
+		<path
+   class="st7"
+   d="M25.7,11.6c2.7-0.3,5.4-0.5,8.1-0.8c0,0.1,0,0.2,0,0.4c-2.7,0.3-5.4,0.5-8.1,0.8    C25.7,11.9,25.7,11.7,25.7,11.6z"
+   id="path16" />
+		<path
+   class="st8"
+   d="M31.3,8.5c-0.6,0.3-1,0.2-1.3-0.4c-0.2-0.5-0.6-1-0.8-1.5C30,6.1,30,6.1,30.4,6.8C30.7,7.4,31,7.9,31.3,8.5z"
+   id="path18" />
+		<path
+   class="st9"
+   d="M26.6,6.7c0.9-0.2,0.9-0.3,1.3,0.5c0.3,0.4,0.5,0.9,0.7,1.4c0,0.1,0,0.1,0,0.2c-0.7,0.4-0.8,0.2-1.2-0.4    C27.2,7.8,26.9,7.3,26.6,6.7z"
+   id="path20" />
+		<path
+   class="st10"
+   d="M24,7c0.9-0.3,1-0.3,1.4,0.5c0.2,0.5,0.5,1,0.8,1.5c-0.4,0.3-0.8,0.4-1.1-0.1C24.8,8.2,24.4,7.6,24,7z"
+   id="path22" />
+		<path
+   class="st10"
+   d="M23.6,9.2c-0.6,0.3-1,0.2-1.2-0.4c-0.3-0.6-0.6-1.1-0.9-1.6c1-0.3,1-0.3,1.4,0.5C23.1,8.2,23.3,8.6,23.6,9.2    z"
+   id="path24" />
+		<path
+   class="st11"
+   d="M21.2,9.4c-0.7,0.3-1,0.1-1.3-0.4c-0.3-0.5-0.6-1.1-0.9-1.6c0.7-0.3,1-0.2,1.3,0.4    C20.6,8.3,20.9,8.8,21.2,9.4z"
+   id="path26" />
+		<path
+   class="st12"
+   d="M25.7,11.6c0,0.1,0,0.2,0,0.3c-1.4,0.2-2.8,0.4-4.4,0.4C22.1,11.9,23.6,11.6,25.7,11.6z"
+   id="path28" />
+		<path
+   class="st13"
+   d="M33.8,11.2c0-0.1,0-0.2,0-0.4c0.2,0,0.5,0,0.6,0.1c0.3,0.4,0.6,0.9,0.9,1.6c-0.6-0.1-0.7-0.5-0.9-0.7    C34.3,11.5,34,11.3,33.8,11.2z"
+   id="path30" />
+	</g>
+</g>
+<g
+   inkscape:groupmode="layer"
+   id="layer1"
+   inkscape:label="Layer 1"><g
+     id="g464"
+     transform="matrix(0.02414714,0,0,0.02066159,39.89911,53.78735)"><g
+       id="g228">
+	<g
+   id="g226">
+		<path
+   d="M 392.328,211.614 V 121.915 C 392.328,54.365 337.514,0 269.963,0 H 243.556 C 176.005,0 120.905,54.365 120.905,121.915 v 89.699 c -27.142,0.072 -48.116,21.344 -48.116,47.484 v 204.208 c 0,26.182 22.206,48.694 48.39,48.694 h 271.16 c 26.184,0 46.87,-22.512 46.87,-48.695 V 259.097 c 10e-4,-26.139 -20.973,-47.412 -46.881,-47.483 z M 145.581,121.915 c 0,-53.944 44.031,-97.241 97.976,-97.241 h 26.407 c 53.945,0 97.69,43.297 97.69,97.241 v 90.287 h -24.675 v -90.287 c 0,-40.339 -32.675,-72.566 -73.015,-72.566 h -26.407 c -40.339,0 -73.301,32.226 -73.301,72.566 v 90.287 h -24.675 z m 172.723,0 v 90.287 H 194.93 v -90.287 c 0,-26.734 21.893,-47.891 48.626,-47.891 h 26.407 c 26.734,0 48.341,21.157 48.341,47.891 z m 96.231,341.39 c 0,12.926 -10.213,24.021 -22.812,24.021 H 120.277 c -12.599,0 -22.812,-11.095 -22.812,-24.021 v -203.64 c 0,-12.926 10.213,-22.787 22.812,-22.787 h 271.446 c 12.599,0 22.812,9.861 22.812,22.787 z"
+   id="path224" />
+	</g>
+</g><g
+       id="g234">
+	<g
+   id="g232">
+		<path
+   d="m 256.878,268.876 c -31.649,0 -57.705,25.828 -57.705,57.575 0,17.112 8.095,33.147 20.432,44.095 v 70.514 c 0,6.813 6.14,12.954 12.954,12.954 h 49.349 c 6.814,0 11.721,-6.142 11.721,-12.954 v -70.535 c 13.571,-10.832 20.634,-26.852 20.634,-44.075 0,-31.747 -25.572,-57.574 -57.385,-57.574 z m 17.967,85.158 c -3.483,2.28 -5.891,6.161 -5.891,10.324 V 429.34 H 244.28 v -64.982 c 0,-4.163 -1.791,-8.045 -5.274,-10.324 -9.491,-6.209 -15.003,-16.522 -15.003,-27.583 0,-18.141 14.755,-32.9 32.799,-32.9 18.206,0 32.902,14.759 32.902,32.9 0,11.231 -5.627,21.542 -14.859,27.583 z"
+   id="path230" />
+	</g>
+</g><g
+       id="g236">
+</g><g
+       id="g238">
+</g><g
+       id="g240">
+</g><g
+       id="g242">
+</g><g
+       id="g244">
+</g><g
+       id="g246">
+</g><g
+       id="g248">
+</g><g
+       id="g250">
+</g><g
+       id="g252">
+</g><g
+       id="g254">
+</g><g
+       id="g256">
+</g><g
+       id="g258">
+</g><g
+       id="g260">
+</g><g
+       id="g262">
+</g><g
+       id="g264">
+</g></g></g></svg>
diff --git a/layers/meta-balena-hab b/layers/meta-balena-hab
new file mode 160000
index 00000000..b9e59daa
--- /dev/null
+++ b/layers/meta-balena-hab
@@ -0,0 +1 @@
+Subproject commit b9e59daac7ab94715ed64f321a00b2da0ef7314e