It has been done, but as it is closely tied to the kernel you shouldn't count on being able to do so. Normally a custom kernel goes hand in hand with permissive rights.
A custom kernel will still trip Knox when the signature is checked during boot.
if it has been done and Knox wasn't tripped this means that the signature is still stock
Which means we only need a kernal dump from the device in which it was done
Am I wrong ?
Sent from my SM-G900F using XDA Premium 4 mobile app
You're wrong because you're making an incorrect assumption.
It wasn't a flawed kernel with a valid signature, but rather an exploit that bypassed the signature check altogether. An exploit that is no longer possible.