How to Disable Unnecessary Kernel Modules on Arch Linux
Categories:
5 minute read
Kernel modules are integral to how Linux systems function. They serve as loadable extensions to the Linux kernel, enabling support for specific hardware devices, filesystems, and other functionalities. While the modular nature of the kernel offers flexibility, many modules might be automatically loaded even if they’re not needed. On performance-sensitive systems—or for improving security—it can be beneficial to disable unnecessary kernel modules.
This guide will walk you through how to identify, blacklist, and disable unused or unneeded kernel modules on an Arch Linux system, step-by-step, with a focus on caution and maintainability.
📌 Why Disable Unnecessary Kernel Modules?
Before diving into the how-to, let’s understand the “why.”
✅ Performance
Every kernel module consumes a small amount of system memory and may introduce overhead. While the impact might be minimal on a desktop, in high-performance or embedded systems, this can matter.
✅ Security
Some kernel modules, especially those related to networking or legacy filesystems, may open up potential attack surfaces. Disabling modules like firewire-core, bluetooth, or usb-storage when unused can reduce the threat landscape.
✅ Stability and Cleanliness
Eliminating unused modules can lead to a cleaner system environment, making debugging and maintenance easier.
🛠 Step 1: List Currently Loaded Kernel Modules
Start by identifying what kernel modules are currently loaded.
lsmod
This command lists all currently loaded kernel modules, along with their size and usage count.
To get detailed information on a particular module:
modinfo module_name
Or use:
lspci -k
This will show which kernel drivers are in use for PCI devices, which helps you understand what hardware is utilizing what module.
You can also use lsusb to see USB devices and their associated drivers.
🛠 Step 2: Identify Unnecessary Modules
This step requires some discretion. Ask yourself:
- Do I use this device or feature?
- Is this module required for boot or hardware?
- Could this module expose a security risk?
Here are examples of modules often safe to disable if unused:
bluetoothfirewire-coreuvcvideo(for webcams)snd-usb-audio(for USB audio devices)pcspkr(PC speaker)joydev(joystick support)parport_pc(parallel ports)floppy
Use caution with filesystem and network modules. For instance, disabling nfs or cifs is fine if you’re not using those filesystems, but disabling ext4 on a system that boots from an ext4 partition will break it.
🛠 Step 3: Blacklist Kernel Modules
To prevent a kernel module from loading automatically, you can blacklist it.
✅ Method: Blacklisting via modprobe.d
Create or edit a .conf file in /etc/modprobe.d/, such as:
sudo nano /etc/modprobe.d/blacklist.conf
Add entries like this:
blacklist firewire-core
blacklist bluetooth
blacklist uvcvideo
blacklist joydev
This tells modprobe not to load these modules during boot or hotplug events.
⚠️ Note: Blacklisting does not unload already loaded modules or prevent manual loading by root.
🛠 Step 4: Prevent Module Auto-loading via initramfs
Some kernel modules are bundled into the initramfs—a temporary root filesystem loaded before your actual root filesystem.
To prevent unnecessary modules from being included:
- Edit
/etc/mkinitcpio.conf:
sudo nano /etc/mkinitcpio.conf
In the
MODULES=()line, only include required modules (or leave it empty for auto-detection).To explicitly prevent certain modules, you can use the
MODULES=()section to exclude them by not including them and also blacklist them in a hook.After editing, regenerate your initramfs:
sudo mkinitcpio -P
🛠 Step 5: Create Kernel Module Load Deny Rules
To take stronger action, use /etc/modprobe.d/ rules to not only blacklist but also prevent loading altogether.
In your config file (e.g., blacklist.conf), add lines like:
install bluetooth /bin/false
install uvcvideo /bin/false
This overrides the modprobe behavior, making it impossible to load those modules—even manually.
🛠 Step 6: Unload Already-Loaded Modules (Optional)
If a module is already loaded and you want to remove it without rebooting, you can use:
sudo modprobe -r module_name
Or:
sudo rmmod module_name
Keep in mind:
- Modules with dependencies can’t be removed unless the dependencies are also removed.
- Some modules are in use and cannot be unloaded without stopping the associated service/device.
🛡 Recommended Practice: Audit Before You Disable
Disabling kernel modules can cause boot failure or loss of functionality if done improperly. Here are some tips to proceed safely:
🔸 Use Virtual Machines for Testing
Try changes in a virtualized environment before applying them to your main system.
🔸 Keep a Rescue System Handy
If you disable a critical module and your system fails to boot, you can use the Arch Linux ISO as a live rescue environment.
🔸 Document Changes
Keep a changelog of modules you’ve blacklisted or removed, so you can revert if needed.
🔍 Example: Disabling Bluetooth Support
If you’re not using Bluetooth at all, here’s a complete walkthrough:
- Check for loaded modules:
lsmod | grep bluetooth
- Blacklist them:
sudo nano /etc/modprobe.d/blacklist-bluetooth.conf
Add:
blacklist btusb
blacklist bluetooth
install bluetooth /bin/false
- Regenerate
initramfs(optional):
sudo mkinitcpio -P
- Reboot and verify:
lsmod | grep bluetooth
If it’s not listed, you’re good to go!
📋 Pro Tips and Tools
systemd-analyze
Use this to check boot performance. Disabling unnecessary modules might slightly reduce boot times.
systemd-analyze
dmesg | grep module_name
Helps identify if a blacklisted module still tries to load or causes errors.
Use auditd or systemtap
Advanced users can use auditing tools to trace module loading events.
⚠️ Common Pitfalls
| Mistake | Risk |
|---|---|
Disabling filesystem modules like ext4 | Unbootable system |
| Removing GPU modules | No display output |
| Removing USB modules | No keyboard/mouse on some systems |
| Blindly copying blacklist lists from forums | Unpredictable behavior |
Always analyze your hardware (lspci, lsusb, lsmod) and make informed decisions.
✅ Summary
Disabling unnecessary kernel modules on Arch Linux is a valuable practice for security, performance, and cleanliness. But with great power comes great responsibility. Always test changes, keep backups, and understand the implications of disabling a given module.
In a nutshell
- Use
lsmod,lspci,lsusbto detect hardware and modules. - Blacklist unwanted modules via
/etc/modprobe.d/. - Prevent module loading entirely with
install module /bin/false. - Customize
mkinitcpio.confto reduceinitramfsbloat. - Use
modprobe -rto unload modules (with caution).
Whether you’re hardening a server, tuning a minimal system, or just exploring Arch Linux internals, managing kernel modules effectively is a solid step toward system mastery.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.