If you use a hardmod you can just replace FIRM directly with a patched version, since the FIRM from the FIRM partitions is parsed by boot9. You will not, however, be able to, let's say, perform a firmlaunch at runtime from a non-vulnerable FIRM to load a FIRM that is "signed" with Sighax.

I wasn't talking about FIRM, and I was more saying the general premise of sighax and fake signing FIRM gives us access to exploit a system no matter what firmware it's on, i.e. hacking 11.4 consoles without arm9 or arm11 kernel via hardmod.
--------------------- MERGED ---------------------------
I think what he meant was that Gateway payload/firmware does not prevent APIs from overwriting the FIRM partitions (which presumably is very bad and very risky while running a9lh).

How do you explain Gateway working perfectly fine on every firmware up to 11.2? There was some kind of change in 11.3 that wrote to firm on opening the home menu.