> But it's not perfect protection (a compromised kernel will give up the keys too). Honestly, given the frequency with which we see kernel exploits in the wild I'd say it's at best incrementally better protection.
There is no such a thing as perfect protection. All security is incrementally better protection.
No, your point is –in your own words– that, since it’s at best incremental protection, it isn’t worth the non-trivial costs. Which is not a good point because, as I said and you agreed, all security is at best incrementally better protection. If that was really your point, we could as well just drop any protection, since none of it is perfect.
You may say the increment in protection is not enough to justify the costs, but that would be a different story.
You've completely lost me. That last sentence? That's what I meant.
The first bit is either a terrible mistake or a deliberate misreading. For the life of me I can't figure out how you think "it isn’t worth the non-trivial costs" (which, by the way, are not my words) and "not enough to justify the costs" mean different things.
There is no such a thing as perfect protection. All security is incrementally better protection.