My thought was mostly that this kind of invasive third party and closed source kernel module security wouldn’t have been necessary. But I’m pretty sure rollbacks can include kernel changes in a previous image.