Alright so if updates are applied OTA and the updates need to be signed to be properly installed then the bootloader is already set to take a certain type of keys unless when you update ATT adds the next key for the next OTA in boot loader. But if there is a specific set of keys that are produced by a specific algorithm that the bootloader is already set to accept then all we would need to unlock a bootloader is that algorithm right? If we were to found out the algorithm ATT uses to created the keys that the bootloader accepts then we could replace the bootloader with an unlocked one