
There's a difference between poking a hole in the device bootloader and the baseband bootloader. The second is way more locked down and has a tiny attack surface.

A user can directly download the baseband image from the chipset using for example QFIL. Then you can check if it's signed with Qualcomm's key or another. Exploiting this would require Xiaomi to hide two baseband firmwares in the baseband firmware which isn't feasible, and it would also require them to completely rewrite the baseband bootloader instead of just exploiting it.

But even then you'd be able to read the eMMC and notice that there are two baseband firmwares. If you want to figure it out, you're free to buy any Xiaomi phone, read the eMMC, and check how many baseband images there are, then you'll be able to definitively know. Let me know if you do it.

When I said immediately noticeable I meant by Qualcomm, not by the end user though. They have contractual obligations to lock down their baseband and their licensing system relies on it so they have a large incentive.
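As an added illustration of the "read the eMMC and count the baseband images" check from the comment above (this is example code, not something the commenter posted), the script below walks a raw flash dump sector by sector and reports every ELF header it finds, flagging those whose e_machine is Qualcomm's Hexagon DSP (164), the core the modem firmware runs on. It assumes the modem image is stored as an ELF, as Qualcomm MBN images are, and it only counts candidates; verifying the signing key, which is the check the commenter actually cares about, is a separate step. The dump it scans is constructed inline so the example runs offline.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EM_HEXAGON = 164   # Qualcomm Hexagon DSP: the CPU the modem/baseband image targets
EM_AARCH64 = 183   # application processor images (ABL, TZ, ...) for contrast


def parse_elf_header(buf, off):
    """Return (elfclass, machine, phnum) for an ELF header at buf[off], or None.

    Only the fields needed to classify an image are decoded; the offset of
    e_phnum differs between ELF32 (44) and ELF64 (56).
    """
    if off + 64 > len(buf) or buf[off:off + 4] != ELF_MAGIC:
        return None
    elfclass = buf[off + 4]          # EI_CLASS: 1 = ELF32, 2 = ELF64
    if elfclass not in (1, 2):       # stray magic bytes inside data, not a header
        return None
    endian = "<" if buf[off + 5] == 1 else ">"   # EI_DATA
    machine = struct.unpack_from(endian + "H", buf, off + 18)[0]
    phnum_off = 44 if elfclass == 1 else 56
    phnum = struct.unpack_from(endian + "H", buf, off + phnum_off)[0]
    return elfclass, machine, phnum


def find_elf_images(dump, align=512):
    """Scan a raw dump at sector-aligned offsets; return (offset, class, machine, phnum) hits."""
    hits = []
    for off in range(0, len(dump) - 4, align):
        hdr = parse_elf_header(dump, off)
        if hdr:
            hits.append((off,) + hdr)
    return hits


def count_baseband_candidates(dump, align=512):
    """Keep only images built for Hexagon, i.e. plausible modem/baseband firmware."""
    return [h for h in find_elf_images(dump, align) if h[2] == EM_HEXAGON]


# --- constructed sample dump (not a real device image) ---------------------

def elf32_header(machine, phnum):
    ident = ELF_MAGIC + bytes([1, 1, 1]) + b"\x00" * 9
    return ident + struct.pack("<HHIIIIIHHHHHH", 2, machine, 1, 0, 52, 0, 0, 52, 32, phnum, 0, 0, 0)


def elf64_header(machine, phnum):
    ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)


def build_sample_dump():
    sector = 512
    dump = bytearray(sector * 8)
    dump[0:52] = elf32_header(EM_HEXAGON, 3)                   # one modem image at sector 0
    dump[sector * 3:sector * 3 + 64] = elf64_header(EM_AARCH64, 2)  # an AP-side image
    dump[sector * 5 + 100:sector * 5 + 104] = ELF_MAGIC         # stray magic inside payload data
    return bytes(dump)


if __name__ == "__main__":
    dump = build_sample_dump()
    for off, cls, machine, phnum in find_elf_images(dump):
        tag = "baseband candidate" if machine == EM_HEXAGON else "other"
        print(f"0x{off:08x}: ELF{32 if cls == 1 else 64} e_machine={machine} phnum={phnum} ({tag})")
    print("baseband images found:", len(count_baseband_candidates(dump)))
```

On a real dump you would feed the whole eMMC image (or just the modem partition) to find_elf_images with the device's sector size; a second Hexagon image that the partition table does not account for is what the commenter says you would look for.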


