
1. Other OSes (at least Linux) have user keychains.

2. Once malware is running as your user, how do you expect to protect against that even with a keychain? They can log all your keystrokes, extract certificates and keys from applications running as your user or anything your user has access to, etc.

3. How are you going to support different keychains on different OSes? And what happens when they diverge? Say Apple gets "brave" again and allows only Apple signed binaries to access the keychain with the excuse of "user security", will binaries have to roll their own keychain? Are you going to make apps add another corporate dependency?



> 2. Once malware is running as your user, how do you expect to protect against that even with a keychain?

A kernel-backed mechanism could enforce that access to the secret decryption syscalls can only be done from untampered signed processes.

Assuming a user has a distinct login password they are not using anywhere else and the public key of the codesign certificate is part of the kernel-side secret, malware has no chance of getting access to the secret, unless it exploits a code execution vulnerability in the target program.

> How are you going to support different keychains on different OSes?

A minimal interface with three calls: 1) create/delete a kernel-side secret, 2) encrypt a secret using a key derived from the user's keychain and the application's public key, 3) decrypt a secret using said key.

Android provides such an API (KeyStore); macOS' Keychain should support something like that via its ACL feature. Where additional work is needed is Windows (its DPAPI only protects secrets from other users; apps can get other apps' secrets by design, to implement SSO) and Linux (which doesn't have any way to verify in the kernel whether an application has a code signature).

Browsers and other apps wishing to protect secrets from malware could use an abstraction layer that uses the best available mechanism on each platform; the three operations should be enough for this purpose.
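To make the three-call design concrete, here is an added model of it (example code written for this page, not code from either commenter or from any real OS). The "kernel" is a Python object that holds a per-user secret derived from the login password, derives a per-application key from that secret plus the caller's code-signing public key, and refuses the encrypt/decrypt calls to unsigned or tampered callers. The signing keys, process fields and sample secret are constructed for the demo; HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for AES-GCM so the example runs on the standard library alone. The last line of `demo()` is the caveat from the thread: code running inside the signed process itself goes through exactly the path that succeeds.

```python
"""Model of a kernel-backed secret API: create/delete, encrypt, decrypt.

Keys of the form b"browser-vendor-pubkey" are constructed stand-ins for the
public key of a code-signing certificate; nothing here is a real OS API.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

ZERO_SALT = b"\x00" * 32


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract, then expand with a 1-byte counter."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: blob = nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = hkdf(key, ZERO_SALT, b"enc"), hkdf(key, ZERO_SALT, b"mac")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key => PermissionError."""
    enc_key, mac_key = hkdf(key, ZERO_SALT, b"enc"), hkdf(key, ZERO_SALT, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass(frozen=True)
class Process:
    uid: int
    signer_pubkey: Optional[bytes]   # public key of the code-signing cert, None if unsigned
    untampered: bool = True          # outcome of the kernel's signature check at load time


class KernelSecretStore:
    """The kernel side. `_secrets` never leaves this object (models kernel memory)."""

    def __init__(self) -> None:
        self._secrets: Dict[int, bytes] = {}

    # Call 1: create / delete the kernel-side secret for a user.
    def create_secret(self, uid: int, login_password: str) -> None:
        salt = os.urandom(16)
        self._secrets[uid] = hashlib.pbkdf2_hmac("sha256", login_password.encode(), salt, 200_000)

    def delete_secret(self, uid: int) -> None:
        self._secrets.pop(uid, None)

    def _app_key(self, proc: Process) -> bytes:
        """Per-app key = KDF(user secret, caller's code-signing public key)."""
        if proc.signer_pubkey is None or not proc.untampered:
            raise PermissionError("caller is not an untampered signed binary")
        return hkdf(self._secrets[proc.uid], ZERO_SALT, b"app-key|" + proc.signer_pubkey)

    # Calls 2 and 3: encrypt / decrypt under the caller-bound key.
    def encrypt(self, proc: Process, plaintext: bytes) -> bytes:
        return seal(self._app_key(proc), plaintext)

    def decrypt(self, proc: Process, blob: bytes) -> bytes:
        return open_(self._app_key(proc), blob)


def demo() -> Dict[str, object]:
    kernel = KernelSecretStore()
    kernel.create_secret(uid=1000, login_password="correct horse battery staple")  # constructed
    browser = Process(uid=1000, signer_pubkey=b"browser-vendor-pubkey")            # constructed
    secret = b"session cookie: sid=abc123"                                          # constructed
    blob = kernel.encrypt(browser, secret)
    results: Dict[str, object] = {}
    attackers = {
        "unsigned_malware": Process(1000, None),
        "other_signed_malware": Process(1000, b"malware-author-pubkey"),
        "tampered_browser": Process(1000, b"browser-vendor-pubkey", untampered=False),
    }
    for name, proc in attackers.items():   # all run as the same user as the browser
        try:
            kernel.decrypt(proc, blob)
            results[name] = "decrypted"
        except PermissionError as exc:
            results[name] = f"denied: {exc}"
    # Caveat: code executing inside the untampered browser process is the browser
    # as far as the kernel can tell, so an RCE in the browser still gets the secret.
    results["browser_or_rce_inside_browser"] = kernel.decrypt(browser, blob) == secret
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two denial reasons differ on purpose: an unsigned or tampered caller is rejected before any key is derived, while a validly signed but different application derives a different key and fails the authentication tag, so it learns nothing about the plaintext. Delete of the kernel secret (call 1) invalidates every blob for that user at once, which is the property a "log out everywhere" flow would want.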



