At least some of the files seem to use the same encryption key. I tested this with applelogo.img2 by striping off the 8900 header on both the iphone 1.1.1 and itouch 1.1 versions. They then have the same sha1sum. That means the key has stayed the same across versions, that is very telling.
We know that downgrading the firmware has always been impossible, since 1.0.1. So we can assume that Apple has a way of assuring the firmware is not an older one, without checking if its encrypted. So if we can learn how to downgrade from 1.0.2 to 1.0.1, the process might be similar from 1.1.1 to 1.0.2.
Build a bootloader that allows you to use iPhone with open source and no baseband. Reboot and you can use 1.1.1 signed application and make phone calls. Windows/Linux uses this approach. You already have the bootloader for 1.0.0 and 1.0.1 and 1.02. You merely need to boot to 1.02 or to 1.1.1. This might keep Apple happy and allow them to not hurt users in the process and Community will keep applications available. The seperation will be healthy and will lead to code on the open source side moving to the signed side as Apple permits (under their control for signautre) but allows it to function as the community develops it wouthout their approval if the developer doesnt care. The bootloader would load Community Iphone or Apple Signature Iphone.
Still another proposed approach: What about an ARM emulator with a fully functional 1.0.2 image, which you could then upgrade to 1.1.1 and then watch everything unfold as things get communicated and decrypted How difficult would it be to write an emulator for an 1.0.2 iphone given that we have full access to one And after upgrading it you would have a 1.1.1 emulator, ready for 1.2.1 :)
If I had the time this is exactly the approach I'd be using with attempting to crack 1.1.1. I'd find, build, and install an ARM debugger on a 1.0.2 iPhone, copy over the relevant 1.1.1 files, and get cracking.
The default software and middleware stacks can be extended thanks to enhanced STM32Cube Expansion Packages. STMicrolectronics or STMicrolectronics' partner packages can be downloaded directly from a dedicated package manager available within STM32CubeMX, while the other packages can be installed from a local drive. 153554b96e