I don't understand the fixation about the kernel module signing as the only way to prevent this.
The main purpose of the kernel module appears to be to hide the presence of the malware. If someone has root level access to my system to attempt to install a kernel module, their ability to hide their presence would not be my only concern. Pretty much any program set to start automatically when the system boots would also persist across reboots, it just wouldn't be hidden.