How to remove kernel updates from upgrade stream?

I have built and installed a more recent kernel (6.1.7), and no longer wish to update with the older version (5.*).

Is there a way to tell the package management system to skip these updates?

For example:

$ sudo apt-get upgrade

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  linux-generic-hwe-22.04 linux-headers-generic-hwe-22.04
  linux-image-generic-hwe-22.04
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

I prefer to keep my current kernel, and not install this older one.

$ uname -a

Linux Machine 6.1.7 #2 SMP PREEMPT_DYNAMIC Wed Jan 18 09:26:45 MST 2023 x86_64 GNU/Linux

Can this be done?

This solution indicates the following:

That looks great, I did not know to solve it this way. There are other offers related to non attended updates that place a blacklist entry in "/etc/apt/apt.conf.d/50unattended-upgrades".

So the question is, what of the "amd64-microcode", "intel-microcode", and "iucode-tool" entries?

Is the blacklist approach better, and if so where would it be placed in the apt.conf.d files?

Can apt-mark solve this also?

I am not sure.

This posting is close to the answer:

how to exclude kernel updates from unattended upgrades

Thanks for your help!

$ sudo apt remove linux-image-generic-hwe-22.04
[sudo] password for machine: 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  amd64-microcode intel-microcode iucode-tool linux-headers-generic-hwe-22.04
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  linux-generic-hwe-22.04 linux-image-generic-hwe-22.04
0 upgraded, 0 newly installed, 2 to remove and 1 not upgraded.
After this operation, 43.0 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

My reservations are with the removal of the microcode entries?

The bindings seem to say that passing beyond the current major rev of kernel leaves some needed things behind.

Sure it can. Easily.

However, there's a big drawback: No more automatic security patches. When you roll your own kernel, mitigating CVE's is now on your shoulders. If that's okay with you, then proceed:

1. Uninstall the metapackage that updates the pre-built kernel binary packages. Since you were running the 22.04 HWE kernel, that would be linux-image-generic-hwe-22.04

   sudo apt remove linux-image-generic-hwe-22.04
   

   This won't remove your currently-installed Ubuntu-provided kernels. It will merely keep new kernels from being downloaded and installed.

2. Review your installed Ubuntu-provided kernel binary packages. You can view these at the GRUB prompt, or by using dpkg -l | grep linux-image | grep ii. Decide which, if any, you want to keep or remove. Advice: Keep one tested good kernel. It doesn't hurt to have a known good kernel if you have a bad day.

3. If you wish someday to revert to using the Ubuntu-provided pre-built kernels, simply re-install the metapackage. It will automagically pull in the latest kernel for your release (that's the whole purpose of the metapackage).

   Note that the metapackage name is different for each release of Ubuntu, so don't try using that metapackage on 20.04 or 24.04.

4. Your output shows that you also have kernel source code, perhaps from previous cycles of building your own kernel: linux-generic-hwe-22.04 and linux-headers-generic-hwe-22.04. Since these will pull in 5.x kernel source that you apparently are not using anymore, remove those metapackages too. And the packages they pulled in (use dpkg -l | grep linux-generic | grep ii and dpkg -l | grep linux-headers-generic | grep ii). Check version numbers carefully to avoid uninstalling sources that you are still using!