Live mode does not use squashfs, but the host/iso does which will fail if the module is not loaded.
Instead of blacklisting you could also skip compiling them into the custom kernel. I guess the cloud kernel from the debian repo won’t have most of those and other stuff. But I also could not get it to work.
Why just stick to non-root?