Saw you could find an ARM platform that did not have secureboot forced on. Assuming the peripherals are similar (i.e. the included drivers work), shouldn't windows rt boot on that hardware?
Once you got it to boot without secureboot enabled on the hardware, shouldn't it be trivial to do some binary slicing and dicing to cut the signature checking out of the kernel?
It seems too easy. Where does my line of though fail?