I did a bit of googling and found this:
(This seems to apply to all Tegra devices including the X1 and K1)
The short story is, it is exceedingly likely Jibo Inc used this SBK process to lock down the boot process. In order to unlock the boot, an encryption key is needed which is permanently baked into Jibo’s ROM. I presume there is (or was?) some text file in the hands of Jibo Inc that mapped each specific Jibo to its secure key so they could inspect it if it was returned.
That file, if it even still exists, is not something you can seriously expect to ever get your hands on. In terms of data breach it would be tantamount to getting a CD of social security numbers.
My suggestion would be, you bought a TX1 board, try to create a new Jibo by plugging that board in and try to get the servos going. I know that you enjoy learning new stuff, I think you will learn a lot more trying to build a fresh system than banging your head against a heavily, heavily fortified wall.
EDIT: And while I know you disagree on that assessment, I am very pleased to see that Jibo Inc took its data protection duties very seriously. The Jibo platform was overall rather underwhelming, but at least the data security guy knew what he was doing.