[Q] Some creative thoughts for Nook Color Hackers
It looks like it might be possible to subvert the signing of updates. I say might because if I were doing this, I would embed several key checksums into the firmware and use them when loading a bootloader or an update.
The CERT.RSA file is included in the *update.zip file but the machine lacks the communications needed to verify that the signature is valid. (Evil Laughter) Therefore, someone could create a completely false keychain and sign the update with the key they generated.
Of course that might work for the install and then fall flat when you actually connected, but a little creativity might get you past that, assuming that you even care.
This might be the hack needed to semi-permanently roll back the locked bootloader, but I do not know enough to implement it.
One bit that I think will be needed is a kernel module to redirect user-land read access to the bootloader to a backup of the locked bootloader so that those apps (Netflix) that check this will see what they expect.
Anybody care to attempt part of this?
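
The "key checksums embedded in the firmware" design from the first paragraph, as an added example that is not part of the original post and not the device's actual code: an offline verifier that accepts the key shipped inside a package only if its fingerprint matches a pinned value, so a self-generated keychain is rejected even though its signature is internally valid. Toy textbook RSA over constructed Mersenne-prime keys stands in for real CERT.RSA (PKCS#7) handling, and every name here is hypothetical.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Toy textbook-RSA keypair (illustration only); returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest_int(payload, n):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n

def sign(private, payload):
    n, d = private
    return pow(digest_int(payload, n), d, n)

def signature_ok(public, payload, sig):
    n, e = public
    return pow(sig, e, n) == digest_int(payload, n)

def fingerprint(public):
    """SHA-256 over a fixed encoding of the public key."""
    n, e = public
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()

def verify_update(payload, sig, shipped_key, pinned):
    """Offline check: the key shipped with the package must match a checksum
    pinned in firmware before its signature counts for anything."""
    if fingerprint(shipped_key) not in pinned:
        return "untrusted-key"
    if not signature_ok(shipped_key, payload, sig):
        return "bad-signature"
    return "ok"

# Constructed sample data: small Mersenne primes stand in for real key material.
VENDOR_PUB, VENDOR_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**107 - 1, 2**127 - 1)
PINNED = {fingerprint(VENDOR_PUB)}  # assumed to be baked into the firmware image
UPDATE = b"constructed update payload"

if __name__ == "__main__":
    # Vendor-signed package: accepted.
    print(verify_update(UPDATE, sign(VENDOR_PRIV, UPDATE), VENDOR_PUB, PINNED))
    # Package signed with a freshly generated key: signature verifies, pin does not.
    print(verify_update(UPDATE, sign(OTHER_PRIV, UPDATE), OTHER_PUB, PINNED))
    # Vendor key but altered payload: pin matches, signature does not.
    print(verify_update(UPDATE + b"!", sign(VENDOR_PRIV, UPDATE), VENDOR_PUB, PINNED))
```
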