I am by no means an expert on the kernel so I'm sure someone can explain much better, but my understanding is based on the following:
Firstly, without executing the exploit to run unsigned code, all code must be correctly signed and any changes to the BLs wil break the signature (including changing the expected LDV). It's not the CPU key that's the problem, it's the digital signature.
Read happy_bunny's post here http://www.xboxhacker.org/index.php?topic=15665.msg114334#msg114334
His psuedo-code indicates the LDV must EXACTLY match the fuseline count. I interpret this to mean that your fuseline count doesn't count by 1 per update per say, it means that it is burned up to the value required to match the CB you are updating too. I admit this seems to contradict what has been previously posted about how the LDV counts work.
This is why you don't have an exploitable kernel if you go straight from launch kernel to 9199.
As for the rebooter, Ikari has designed freeBOOT to launch the 9199 dashboard after booting the exploitable KK kernel. The dash needs to be signed with your CPU key because the much of the chainloading still applies with regards to encryption, however the sig check is bypassed.
In order for you to modify your exploited console to boot into a newer dash, you must modify the rebooter appropriately.
So, you don't need your CPU key to run unsigned code on an exploitable CB. You DO need your CPU key to run an actual MS dashboard, such as rebooting into 9199.
In summary, without exploiting the console, you cannot modify ANYTHING in the system that is digitally signed. This includes ALL the bootloaders, but does not include the SMC code (which is why you can modify it before exploiting).
Once you have exploited the console and are running unsigned code, you can do whatever you want. If you have the expertise to reboot into a newer kernel, then you can do so.
So far only the freeBOOT and XBR teams have publicly demonstrated the ability to reboot properly. If freeBOOT and XBR teams decide to no longer make new releases, we are stuck on 9199 until someone else updates the rebooter and releases it.
I have not tried, but I don't think dropping a kinect dash nand into ibuild is all that's required to update freeBOOT to a different dash.