If you’re just interested in keeping your kernel module-free and being able to watch funny cat videos on YouTube, skip to the solution.

I’m an avid user of the Gentoo flavour of Linux, specifically the Hardened profile. As you can imagine, I like to think of myself as a security-aware user. With that in mind, I prefer to keep my kernel module-free (by actually disabling the ability to load kernel modules), building in every driver that I need and keeping all the rest out. The reason for this, from a security point of view, is that loading a malicious kernel module is very often [citation needed] the second step after a successful privilege escalation. I don’t need module loading – I know my hardware, it doesn’t change that often.