Originally Posted by ixtab
That said, if it's possible to read/write files (or even entire partitions) via usbhid mode, then that'd probably be the way to look for a jailbreak method which is almost impossible to "close" -- or am I missing something here?
It should be possible to load u-boot into RAM in USB Downloader mode and run it. u-boot sources provided by Amazon contains metadata of "program image" for loading and running it in USB downloader mode. u-boot could be pointed to Linux kernel in RAM, loaded there after u-boot. So, with our loaded kernel (and our initramfs) we could do anything.
But it's possible that Amazon enabled High Assurance Boot feature which is requiring that program image must be signed with some RSA key. The only way to check it is to try to load any "program image".