[alkonaut]

What would be "actual security" in this context?

This isn't about security of the same kind as authentication/encryption etc where security by obscurity is a bad idea. This is an effort where obscurity is almost the only idea there is, and where even a marginal increase in difficulty for tampering/inspecting/exploiting is well worth it.

[fsflover]

The one not described as "security through obscurity".

[alkonaut]

My point is: the "security through obscurity is bad" and "security through obscurity isn't real security" are both incorrect.

They apply to different threats and different contexts. When you have code running in the attackers' system, in normal privilege so they can pick it apart, then obscurity is basically all you have. So the only question to answer is: do you want a quick form of security through obscurity, or do you not? If it delivers tangible benefits that outweigh the costs, then why would you not?

What one is aiming for here is just slowing an annoying down an attacker. Because it's the best you can do.

[fsflover]

Somehow your approach was not chosen by Intel ME or AMD PSP, and they remain unbreakable.

[alkonaut]

That's orthogonal to this. That requires special hardware and using those doesn't really rule this out as an additional measure.