Not again.
You either haven't bothered to read up on digital signatures, or haven't understood them, in spite of the simplicity of the article I linked to in my first reply.
The digital signature is different for every single file. I'll say it again in a different order in the hope that it might sink in - every single file has a different digital signature. The signature for one file is of no use with another file, because it simply won't match the second file.
It's the public key that's stored on the Xbox, and the public key is used to VERIFY the digital signature of the file. To sign the file you need the private key. Microsoft's private key is probably not stored in one place, is definitely only accessible to a handful of people, and is therefore unlikely to ever be seen outside of Redmond. I'll say that again as well, in the hope that it might sink in; you can only sign a file with the private key, and only Microsoft has the private key, and the private key ISN'T on your Xbox, it's held at a secure Microsoft location.
FYI, in case you were wondering, JTAGs can run unsigned code because they bypass the signature check - broadly the same method that was used on the Xbox 1. That's the only feasible method to get round the signature problem.
So please, stop flogging this dead horse. Your idea (it was never a theory, in spite of the title) simply won't work. To summarise what I said to your equally misguided supporter, if you can't even grasp the basics of digital signatures then you should stop digging yourself further into this hole, and leave the real engineering to people who know what they are talking about.