I don't think it is accurate to say that the kernel has lower privileges. It's j...

I don't think it is accurate to say that the kernel has lower privileges. It's just something the kernel isn't allowed to do, while the exclave has a list of things it isn't allowed to do. Also exclaves are shipped with normal software updates (verified by the boot chain, not the kernel).