The more and more I look at
's dumps the more its revealing. There are a lot of references to dongle key. And one mention of a masterKey field. I think its simply the dongles master key.
Now to confirm this, we need to gain access to the so called "masterkey". From here we can attempt to decrypt a eboot released from TB, and see what happens. If we are successful in doing so, then we at least know what key (3.55 or 3.6+) was used to sign it.
If there is something more complex going on (they have 3.6+ private keys) then perhaps we would have to dig further into the dongle