Although you can't make a homebrew loader with just ROP, if GW indeed has a kernel exploit, it's a matter of finding out how signature checks are made, using ROP to patch it, and allow you to install homebrew. A homebrew loader is absolutely possible if they have kernel access.