Which kernel parameters for recompilation have to be changed because I cannot load unsigned or self-signed modules?

Question

I am on Ubuntu 16.04.1 LTS/32 bits (non uefi) with the kernel 4.4.0-59-generic and a non uefi (normal bios) motherboard. I want to recompile the kernel because I cannot load unsigned or self-signed modules (it is a bug in Ubuntu). Rod Smith recommended to recompile the kernel. Which kernel parameter do I have to change? My list of parameters to change from y to n is:

CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_MODULES_USE_ELF_REL=y

Are these kernel parameter changes reasonable and do I need more parameters?

============= update ===============================================

I have disabled the following 26 parameters:

CONFIG_SYSTEM_DATA_VERIFICATION=y
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_UEFI=y
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
CONFIG_ACPI_BGRT=y
CONFIG_FB_EFI=y
CONFIG_EFI_VARS=y
CONFIG_EFI_ESRT=y
CONFIG_EFI_VARS_PSTORE=m
CONFIG_EFI_RUNTIME_MAP=y
CONFIG_EFI_RUNTIME_WRAPPERS=y
CONFIG_EFI_TEST=m
CONFIG_EFIVAR_FS=y
CONFIG_EARLY_PRINTK_EFI=y
CONFIG_TRUSTED_KEYS=y
CONFIG_SIGNED_PE_FILE_VERIFICATION=y
CONFIG_EFI_SIGNATURE_LIST_PARSER=y
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_UCS2_STRING=y

Answer 1

This one

CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=n

is enough to load an unsigned kernel or unsigned modules.