/bin/false already exists and has its permissions correctly set.
I don’t really like the idea of it pointing to an unknown file. What if /bin/false_vivid already exists but with 777 perms? An attacker can write whatever they want there and it will be regularly executed as root.
jitterentropy should be built-in, not a module. We already do that with hardened-kernel though.
LKRG and tirdad should be loaded as early as possible. Preferably, they would also be built-in but that’s not supported (yet?).