If the kernel HAS the private key, and will check the signature against a boot service variable-located public key, the malware can sign the restore image with the private key. If the public key is stored anywhere else, the malware can overwrite it with its own public key. Anyway, the malware can boot the compromised system by crafting a restore image, signing it and forcing a reboot. All that WITHOUT asking the user to do anything. And all that with the user thinking that his boot-time environment is perfectly safe.