Ubuntu server 20.04 unattended-upgrades installing bionic kernel

Question

I upgraded Ubuntu 18.04 server to Ubuntu 20.04 server last month. All appeared to go well. Unattended-upgrades ran this morning and installed /linux-generic-hwe-18.04_5.4.0.86.90_amd64.deb. I could find no reason that the Bionic version was installed. I presume that the Focal version should have been installed based on the Ubuntu site https://ubuntu.com/security/notices/USN-5086-1.

I had enabled the hardware enablement stack on my old 18.04 install. It seems to be related based on the .deb file name but I can't determine how this might be effecting things.

Here is the relevant portion of /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    // Extended Security Maintenance; doesn't necessarily exist for
    // every release and this system may not have it installed, but if
    // available, the policy for updates is such that unattended-upgrades
    // should also install from here by default.
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
//  "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};

Here are the relevant portions of the logs:

Sep 23 06:08:10 n1 systemd[1]: Starting Daily apt upgrade and clean activities...
Sep 23 06:08:11 n1 apt.systemd.daily[51295]: verbose level 1
Sep 23 06:08:12 n1 apt.systemd.daily[51295]: check_stamp: interval=86400, now=1632369600, stamp=1632283200, delta=86400 (sec)
Sep 23 06:08:13 n1 unattended-upgrade[51326]: Enabled logging to syslog via daemon facility
Sep 23 06:08:13 n1 unattended-upgrade[51326]: Starting unattended upgrades script
Sep 23 06:08:13 n1 unattended-upgrade[51326]: Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
Sep 23 06:08:13 n1 unattended-upgrade[51326]: Initial blacklist:
Sep 23 06:08:13 n1 unattended-upgrade[51326]: Initial whitelist (not strict):
Sep 23 06:08:27 n1 unattended-upgrade[51326]: Packages that will be upgraded: linux-generic linux-generic-hwe-18.04 linux-headers-generic linux-headers-generic-hwe-18.04 linux-image-generic linux-image-generic-hwe-18.04
Sep 23 06:08:27 n1 unattended-upgrade[51326]: Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log

Here is the output of sudo apt update and apt list --upgradable -a:

sudo apt update
[sudo] password for bob: 
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1,222 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [14.3 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [855 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages [874 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [8,716 B]
Get:10 http://us.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages [639 kB]
Fetched 3,941 kB in 3s (1,185 kB/s)                   
Reading package lists... Done
Building dependency tree       
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
apt list --upgradable -a
Listing... Done
ca-certificates/focal-updates,focal-security 20210119~20.04.2 all [upgradable from: 20210119~20.04.1]
ca-certificates/now 20210119~20.04.1 all [installed,upgradable to: 20210119~20.04.2]
ca-certificates/focal 20190110ubuntu1 all

I don't have any held upgrades according to apt and my sources.list file only references focal sources.

I have had no problems with my system, but I want to fix the issue (if there is one) before I end up with an unstable system. If there is something I'm missing, please point me in the right direction. I could find nothing on-point and the system doesn't seem to have any incompatibilities.

Answer 1

Based on user535733's comments, I found the following post (Ubuntu 20.04 - How can I enable HWE?) that explains how to enable HWE on 20.04 server. The command for Focal Fossa server is:

sudo apt install --install-recommends linux-generic-hwe-20.04

I did a little more searching and found additional information on Focal Fossa, the hardware enablement stack, and the difference between desktop and server installations of Focal Fossa. All of this is here: https://wiki.ubuntu.com/Kernel/LTSEnablementStack and at the forum link above.

My experience of 20.04 LTS server running a 18.04 LTS HWE kernel seems to be based on a difference in the way Focal Fossa (20.04 LTS) installation behaves in an upgrade from 18.04 LTS versus a fresh install. This is described very obtusely in the comments to this forum answer: https://askubuntu.com/a/1314330 where the following exchange occurred in the comments:

Thanks - all good now. Btw, why didn't it get automatically installed? My other pc, with a fresh 20.04.1 installation did upgrade to 5.8 automatically as part of dist-upgrade, whilst my main pc, an upgrade from 18.04.3, did not (had to run this command). – Emanuele Feb 8 at 8:23

It is by design. You installed from a 20.04 iso. – Pilot6 Feb 8 at 8:30

I am still not sure why the release upgrade from 18.04 LTS server to 20.04 LTS server did not "undue" the 18.04 HWE, but it did not. In fact, before I enabled HWE on my server install of 20.04.03, I had the following hwe status:

hwe-support-status --verbose
You are not running a system with a Hardware Enablement Stack. Your system is supported until April 2025.

Even though the upgrade had installed the 18.04 HWE kernel that instigated my initial question above. I hope this helps someone having the same issues/questions as me: Why is my 20.04 LTS server running a 18.04 LTS HWE kernel?