Ubuntu: HWE Hardware Enablement Stacks, LTS, and the Kernel

ubuntuIf you installed (or upgraded to) a later Ubuntu point release:  >= 12.04.2, >=14.04.2, or >=16.04.2, you may now be wondering why the system is warning you upon every login that you will no longer receive security updates.

WARNING: Security updates for your current Hardware Enablement Stack ended on 2016-08-04:
 * http://wiki.ubuntu.com/1404_HWE_EOL

Although the first point releases of an Ubuntu version 12.04.0 and 12.04.1, 14.04.0 and 14.04.1, and 16.04.0 and 16.04.1 maintain support of their kernel version until the standard 5 year End-Of-Life for that long-term release (LTS), subsequent point releases do not hold the same schedule.

14-04-x-ubuntu-kernel-support-scheduleThe reason why is that subsequent point releases ship with an updated kernel and X stack that require upgrade in order to maintain support. Referring to the support schedule above as an example, you can see that 14.04.3 was released with the Wily 15.04 Vivid HWE stack, and only supported for 12 months before requiring an upgrade to 14.04.5 and the Xenial 16.04 HWE.

If you want to maintain support of a newer Ubuntu point release, you must update the kernel (server) and graphics stacks (if applicable), in order to maintain support until the 5-year EOL date of the LTS.

The good news is that this is not difficult, and can be done with a  standard apt-get.  And remember, upgrading the kernel is not the same as upgrading the Ubuntu distribution. An an example, updating 14.04.5 to the v4.4 kernel does not mean that you will be forced into Systemd (which was not introduced until 15.04).

To check if your system is affected, start with:

hwe-support-status --verbose
hwe-support-status --show-replacements
hwe-support-status --show-all-unsupported

The Ubuntu page lists the following command to bring a 14.04 server up to the proper kernel level:

apt-get install --install-recommends linux-generic-lts-xenial

You can also use

apt-get install --install-recommends `hwe-support-status --show-replacements` -y

Reboot the machine and check the ‘hwe-support-status –verbose’ again, and there should be a response that your system is once again supported for the full LTS life.

Your Hardware Enablement Stack (HWE) is supported until April 2019.

 

REFERENCES

https://wiki.ubuntu.com/1404_HWE_EOL

https://wiki.ubuntu.com/Kernel/LTSEnablementStac

https://ubuntuforums.org/showthread.php?t=2334515&p=13533598#post13533598

https://ubuntuforums.org/showthread.php?t=2334371&page=4

http://askubuntu.com/questions/500508/how-does-lts-combine-with-hwe-out-of-support

https://ubuntuforums.org/showthread.php?t=2234693

https://help.ubuntu.com/community/AutomaticSecurityUpdates

(kernel version)
uname -a

(point release)
lsb_release -a

(check for pkg updates)
/usr/lib/update-notifier/apt-check --human-readable

(remove old kernel/graphic packages)
apt-get remove $(hwe-support-status --show-all-unsupported)

(check for security updates)
unattended-upgrade --dry-run -d | grep 'Checking' | grep security | awk '{ print $2 }'