Comment 5 for bug 1218954

Unfortunately, no, otherwise it'd be possible for the user to pass a new key and bypass the validation, which would defeat its purpose.

The plan for the ports where they'll need to do something like that is to have them include a different master key in their android build which will then result in a different android tarball with a different recovery image.
It'll be fine for them since they need a custom android anyway (different hardware) but for QA, that'd mean testing images that are different from the real thing, which I doubt you'd want.