If all you want to do is prevent someone from loading a bunch of drivers that you have identified as unhardened, why not just use a modprobe blacklist?
That wouldn't help for builtin drivers, we cannot control initcalls. This LWN article has more details on the background. https://lwn.net/Articles/865918/ -Andi
Am I missing something? Alan Stern
