And so I've been digging into this, and it turns out that this is really quite similar to how the Gen 7 Archos 5 IT is locked.
The signature there is an RSA + MD5 signature, which is really the worst case as that means a 2048-bit RSA key, so we're kinda screwed there.
... has a good description of the situation on the 5IT. Getting a flash_unlock binary should be fairly trivial, so perhaps we can tamper with the key store to add additional keys.
Just a note of caution: if you write a bad key store or a bad bootloader, you will brick this device permanently. I would advise you to wait for the gen8 "SDE" release that will allow you to run your own kernel and userspace without risk of bricking. SDE should be out in a few days.