Actually we have broken the chain of trust best possible place. Wouldn't it be possible to manipulate the decrypted .ELF after it has been loaded to memory? That way, we could do a chain of code-caves ( dunno if there is such thing, refering to my old know. from pc :D ) which would do necessary code changes each boot. All with one , modified lv0.
How about that , devs?