The 3G bootloader is sig checked by the bootrom. So even removing the NOR and patching the bootloader(to remove main fw sig checks) and main firmware doesn't work for an unlock. Big thanks to TA_Mobile for dumping the NOR and confirming this. You have some real skills.
The X-Gold 608 is the chip used. The lame "datasheet" infineon gives us shows the hardware RSA and the secure bootrom. So we have a real problem. Even if we find an unsigned code exploit, which wasn't done for the previous two bootloaders in software(we found tricks to play with the nor), we still can't unlock.