I don't agree with the idea that it's illegal to modify a certified stack, but I will say that there are lots of different types of certification.
With some types of certification the manufacturer certifies that the device meets specific specs, and it's not legal to use any devices that don't have this certification. This doesn't mean that the device can't be modified, just that use outside the certified specs is not certified (and therefor may not be legal, depending on what licensing you have)
an example of this is 'type accepted' 2-way radios where the manufacturer certifies that on <this> range of frequencies the performance of the radio is <this>. If the radio gets modified to operate outside of that range of frequencies, the manufacturer makes no certification of the performance, and so it may not be legal to use it (even if you have a valid license to transmit on the new frequency)
However, the types of things that the FCC (in the US, similar organizations in other countries) are concerned about are things like power level, frequency stability, how clean the signal is, modulation type, etc. not how well it complies with encryption standards or if it waits it's 'turn' properly.
We have seen several examples of regulated 'transmissions' be able to be performed by certified open source code. I think the first example was the ISDN code in Linux and it's need to be certified for use in several countries, but there have been several others over the years. I really don't see GSM from being any different. The fact that Harold Weite has been able to get licenses to setup a cell tower for testing use running on completely opensource code is a good indicator that there is a path open here.