Hi,
I haven't looked at the details of your code, so these are just ideas what could be wrong. I was able to run bbl with linux a while ago.
1. Device tree provided to bbl not correct. Although this should cause exceptions in bbl already
2. reserved-memory area provided to kernel doesn't match your changed address of bbl, which can cause the kernel to override the m-mode handlers
-> my suggestion for now: change the coreboot ramstage location instead (easier anyway)
3. Are you really executing BBL in m-mode? Try to execute the payload directly instead of mret.
Can you provide the serial output that you receive?
Philipp