No, reflashing the kernel is not enough. You need to reflash the whole firmware.

How it works; when you flash a non-signed kernel the flasher (or actually the APE algo) detects that and disables access to the protected parts of system in the boot phase. This change is pernamently one-way, and can be undone only if APE flashes the whole firmaware with signed packages, not just the kernel.

Rationale for that is easy to understand, yet it remains predominantly evil...
If it was allowed to run unsigned kernel and then return back to stock kernel with device still in protected mode, then it would be possible to make any kind of modifications to the system and retain them when in protected mode.... (something that device manufacturers do not like to see done)

SO there is easy rule-of-thumb; if, for whatever reason, your device for a split second enters open mode it stays in open mode until you fully reflash it with original sibned packages

[*] there are ways to get around this, but they are not easy and require either special tools or utilize some lesser known weaknesses of the system. Hence I will not discuss them here...