I read the OP, but I did not read through this whole thread. Because of my recent experiences with the MF3 update, I can say that the OP requires some updating for clarification. I encourage you to read the following information I have gathered on the subject:
- The MF3 update patched the Loki exploit that was in the MDB/MDL "aboot" part of the bootloader that Dan discovered/published.
- The MF3 update patched the exploit that Dan's "motochopper" rootign method took advantage of.
- The MF3 update indeed blew Qfuses (permanently increased the monotonic counter on an e-fuse) such that the device will refuse to accept, and refuse to boot any firmware that is older than MF3.
- The bootloaders are digitally signed such that replacing them with custom code will cause them to fail to load - causing hard bricks if attempted.
- Without a custom bootloader, we have no hope of ever running other native-linux operating systems, Windows, or IOS. Emulation and "chroot" methods might still exist, but these are not the same.
- Normally, recovery images and Kernels are signed, and must be verified by "aboot" (the last stage of the bootloader) upon boot. This makes booting a custom recovery or custom ROM "impossible."
- Previous to MF3, Dan's Loki exploit worked around a security flaw in aboot. His patch would be applied to a custom recovery or a custom Kernel to allow it to be accepted by aboot.
- Obtaining root will NOT grant us a custom recovery. This would require a completely separate exploit that would be similar to an unlocked bootloader, or an otherwise an exploit around the locked bootloaders (like Loki).
- If you're looking for fully unlocked bootloaders, you're looking for the ability to fundamentally change the operating system on this android device. Granted, this would also allow custom recovery, or custom roms.
I hope you find this information useful. Even more, I hope that a root for MF3 is found, for the benefit of everyone now stuck on MF3. It would be great to find a new exploit that allows custom recoveries and custom kernels again. But most important for me, would be unlocked bootloaders such that we can replace them with the bootloaders necessary to run things like native Ubuntu linux.