Skip to content

Gentoo Kernel Optimization Guide

Step-by-step Gentoo kernel hardening and cleanup guide using localmodconfig and localyesconfig. Learn how to strip unused drivers, keep boot-critical options, and safely build a lean Linux kernel

Use localmodconfig to cut modules to what you’re using right now

This is the fastest win. It keeps only modules that are currently loaded (plus dependencies).

Before running it, make sure you’ve actually exercised the hardware you care about:

  • bring up networking (wifi/ethernet)
  • mount external disks if relevant
  • plug in USB devices you use
  • start your desktop stack if you use one (GPU driver, sound, etc.)

Enter kernel path and run below commands

cd /usr/src/linux
make localmodconfig
  • This will prompt sometimes (new options). When in doubt, keep safe defaults or answer conservatively (don’t disable filesystems you might boot from).

Reduce further using “localyesconfig” (optional)

If you want fewer modules and faster boot, you can bake detected drivers into the kernel:

make localyesconfig

Good for single machine kernels. Risk: if you later change hardware (different NIC, storage controller), it won’t just load a module.

Identify critical must not break boot items

Before you start turning things off aggressively, make sure these are correct:

Storage + root filesystem

  • Your disk controller driver (NVMe/AHCI/RAID/etc.)
  • Your root filesystem driver (ext4/btrfs/xfs…)
  • If you use LUKS: dm-crypt
  • If you use LVM: device-mapper, lvm
  • If your root is on RAID: mdadm bits
  • Initramfs support if you use it

Firmware

Firmware loader (`and keep linux-firmware installed if needed`)

CPU microcode (if you use it)

Often handled by initramfs or separate microcode package; don’t guess.

Use menuconfig to remove whole categories safely

make menuconfig

Practical targets to disable on a single Gentoo box:

  • Device Drivers -> Staging drivers (usually can be n)
  • Filesystems you never use
  • Old network protocols you don’t use (Appletalk, IPX, etc.)
  • Random sound card families you don’t own
  • Most ISDN, IEEE 1394 (FireWire) if you don’t use it
  • Huge swaths of GPU drivers except your own (i915/amdgpu/nouveau…)
  • A good tactic: keep “bus” support generic (PCI, USB core), but narrow down actual device drivers.

Build & install (Gentoo style)

make -j"$(nproc)"
make modules_install
make install
  • Then update your bootloader and initramfs if you use one.
  • If you’re using genkernel for initramfs, you can still keep it, but switch to a leaner config. If you’re not sure, don’t remove initramfs support.

Safety net: keep your old kernel as a fallback

Before rebooting:

* Keep the old kernel entry in GRUB
* Don’t delete the old /lib/modules/<oldversion>
* Keep an initramfs that boots

That way, if your “slim” kernel misses a driver, you just boot the old entry and re-enable what you need.

How to know what you really need (useful commands)

lspci -k
lsusb
lsmod
findmnt -no SOURCE,FSTYPE /
dmesg -T | grep -iE 'firmware|failed|error'
  • lspci -k is especially valuable because it shows “Kernel driver in use”.

If you want the cleanest approach for Gentoo: use distro configs as a base

Gentoo installs kernel config seeds under:

  • /usr/src/linux/arch/x86/configs/
  • or use sys-kernel/gentoo-kernel / gentoo-kernel-bin which comes with a sane config and tooling, and you can still customize.

Build initramfs using your current /usr/src/linux/.config

genkernel --kernel-config=/usr/src/linux/.config initramfs

A very practical (do it now minimal plan)

zcat /proc/config.gz > /usr/src/linux/.config
cd /usr/src/linux
make olddefconfig
make localmodconfig
make menuconfig
make -j"$(nproc)" && make modules_install && make install
genkernel --kernel-config=/usr/src/linux/.config initramfs
grub-mkconfig -o /boot/grub/grub.cfg
reboot