Kernel Module Management

The Linux kernel does not load every possible driver and feature at startup. Instead it uses a modular system — most functionality is compiled as separate modules that can be loaded and unloaded at runtime without rebooting. Understanding this gives you real control over what the kernel is doing.

What is a kernel module?

A kernel module is a piece of code that can be loaded into the kernel on demand and removed when no longer needed. Modules extend kernel functionality without requiring a full kernel recompile or reboot.

Common uses:

• Hardware drivers (GPU drivers, network cards, USB controllers)
• Filesystem support (ext4, btrfs, ntfs)
• Network protocols and features
• Security modules (AppArmor, SELinux)

Modules are .ko files (kernel object) stored under /lib/modules/$(uname -r)/.

ls /lib/modules/$(uname -r)/kernel/drivers/

lsmod

List currently loaded modules:

lsmod

Module                  Size  Used by
nvidia              35282944  0
nvidia_uvm           1245184  0
bluetooth             663552  28
snd_hda_intel          57344  3
snd_hda_codec         172032  1 snd_hda_intel
e1000e               303104  0

The columns are:

• Module — module name
• Size — size in bytes
• Used by — how many things depend on it, and what they are

A module with Used by count of 0 can be safely unloaded.

modinfo

Get detailed information about a module:

modinfo e1000e

filename:       /lib/modules/6.1.0/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
description:    Intel(R) PRO/1000 Network Driver
author:         Intel Corporation
license:        GPL v2
version:        3.2.6-k
depends:        ptp
parm:           debug:Debug level (0=none,...,16=all) (int)
parm:           copybreak:Maximum size of packet that is copied to a new buffer on receive (uint)

Useful fields:

• filename — where the module file lives
• depends — other modules this one requires
• parm — parameters you can pass when loading the module

modprobe

modprobe is the right way to load and unload modules. It handles dependencies automatically.

Load a module:

sudo modprobe e1000e

modprobe reads the dependency map and loads any required modules first.

Load a module with parameters:

sudo modprobe e1000e debug=1

Unload a module:

sudo modprobe -r e1000e

-r removes the module and any dependencies that are no longer needed.

Dry run — show what would be loaded without actually loading:

sudo modprobe --dry-run e1000e

insmod and rmmod

insmod and rmmod are lower level than modprobe. They do not handle dependencies.

sudo insmod /lib/modules/$(uname -r)/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
sudo rmmod e1000e

Use modprobe instead unless you have a specific reason to use these directly.

depmod

depmod generates the module dependency map that modprobe reads. It is normally run automatically after installing a new kernel or adding modules, but you can run it manually:

sudo depmod -a

The output goes to /lib/modules/$(uname -r)/modules.dep.

/etc/modules

Modules listed in /etc/modules are loaded automatically at boot.

cat /etc/modules

# /etc/modules: kernel modules to load at boot time.
loop

Add a module name on its own line to load it at boot. Parameters are not supported here — use /etc/modprobe.d/ for that.

/etc/modprobe.d/

This directory contains configuration files for modprobe. Files here control options, aliases, and blacklisting.

Passing parameters at load time

Create /etc/modprobe.d/e1000e.conf:

options e1000e debug=1 copybreak=256

Now whenever e1000e is loaded, it gets those parameters.

Module aliases

alias eth0 e1000e

This tells modprobe that when something asks for eth0, load e1000e.

Blacklisting modules

Blacklisting prevents a module from being loaded automatically. Useful when a module causes problems or you want a different driver to take precedence.

Create /etc/modprobe.d/blacklist-nouveau.conf:

blacklist nouveau

The module still exists on disk — it just will not be loaded automatically. To prevent it from loading at all (even manually), add:

install nouveau /bin/false

This replaces the install command for the module with /bin/false, which always fails.

A common use case is blacklisting the open source nouveau driver so the proprietary NVIDIA driver can take over.

Checking what module is handling a device

To find out which module is driving a specific piece of hardware:

lspci -k

02:00.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection
	Subsystem: Lenovo ThinkPad X220
	Kernel driver in use: e1000e
	Kernel modules: e1000e

For USB devices:

lsusb -v 2>/dev/null | grep -A5 "Driver"

Module signing

On systems with Secure Boot enabled, the kernel may require modules to be signed with a trusted key. Unsigned modules will be refused.

Check if your kernel enforces module signing:

cat /sys/module/module/parameters/sig_enforce

1 means enforcement is on. 0 means it will warn but still load unsigned modules.

For custom or out-of-tree modules on a Secure Boot system, you need to generate a key pair, enroll the public key in the MOK (Machine Owner Key) database, and sign the module:

openssl req -new -x509 -newkey rsa:2048 -keyout signing_key.pem -out signing_cert.pem -days 36500 -subj "/CN=Module Signing Key/" -nodes
sudo mokutil --import signing_cert.pem
# reboot and enroll the key in the MOK manager
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 signing_key.pem signing_cert.pem mymodule.ko

Kernel modules are how Linux stays lean — the kernel loads what it needs and nothing more. Knowing how to inspect, load, configure, and blacklist modules means you can control exactly what the kernel is running and debug hardware issues at the driver level.

Next up: the /proc filesystem in depth — the kernel's window into its own state.