LVM installs and encrypted installs use a separate /boot partition. The partition by default is capable of holding only four or five kernels, and can fill to capacity quickly. To prevent your /boot partition from getting full, you need to configure automatic removal of old kernels, or manually remove old kernels regularly.

Changing the kernel providing packages on your system requires commands with root access, so please read RootSudo.

Regular Maintenance

Removing old kernels is easy to do on a system with sufficient free space in your root parition or separate boot partition. You can remove them manually, or configure unattended-upgrades to do it automatically. If you receive or have received an error from a package management tool, manual removal may not work until the problem is fixed. See Problems section.

Manual Maintenance

Using Apt

You can remove old kernels with a simple autoremove command in a terminal:

sudo apt-get autoremove --purge

Note: In Ubuntu 14.04, because of Bug #1439769 this works only, if you have installed security updates automatically, and not manually by e.g. Software Updater, see in this section on how to configure it.

The packages to remove are determined based in part on whether the package is marked as manually or automatically installed. You can check if a kernel providing package is marked as automatically installed using this command in a terminal:

apt-mark showauto 'linux-image-.*'

or to see if it is marked as manually installed:

apt-mark showmanual 'linux-image-.*'

In the event some kernel providing packages are marked as manual (possibly because they were installed via 'apt-get') and you want them autoremoved, you can change the status of the package using apt-mark auto and the package name. For example, to mark kernel 4.12.0-12-generic as autoremovable:

sudo apt-mark auto '^linux-.*-4\.12\.0-12(-generic)?$'

Note: apt-get autoremove will not remove all automatically installed old kernel providing packages as fallback versions are kept; the list of kept kernels is maintained and automatically updated in the file /etc/apt/apt.conf.d/01autoremove-kernels as a list of matching regular expressions.

Other Methods

If you want to purge one specific kernel providing package you can do so via the following command in a terminal:

sudo apt-get purge linux-image-4.12.0-12-generic
sudo dpkg --purge linux-headers-4.12.0-12 linux-headers-4.12.0-12-generic

This will also purge the corresponding linux-image-extra package if it is installed e.g. linux-image-extra-4.12.0-12-generic. It will not purge linux-headers-4.12.0-12, if there is another linux-headers-4.12.0-12 flavor installed besides -generic.

If you just need to purge kernels selectively, you may benefit from this answer with unofficial code, if the system is not already broken.

There is an unofficial script for purging kernels; it is called linux-purge. By it you can purge kernels selectively, or choose to keep given number of older kernels and remove other depending on options given. It can do do even some fixing (with --fix option), if system is already broken; that is a kind of scripted version of what is told in chapter Safely Removing Old Kernels.

Automatic Maintenance

The unattended-upgrades package, included with the default install of all Ubuntu flavors, includes a feature to remove unused packages automatically. Enabling this feature is a two-step process in Ubuntu 14.04.

Enable Unattended Upgrades (Ubuntu 14.04)

In Ubuntu 16.04 and later unattended-upgrades is enabled by default, however in Ubuntu 14.04 you will need to enable it either via the GUI or a command-line. Note: There is a separate documentation about setting up automatic security updates.


Enable unattended upgrades using Software & Updates application's "Updates" tab:

  • Check the box for *-security (and/or any other repositories you wish)
  • Automatically check for updates: Set to any frequency (except 'Never')
  • When there are security updates: Set to Download and Install Automatically

Shell Way

sudo dpkg-reconfigure -plow unattended-upgrades

By default this installs available security updates every day. If you want to change which sort of packages it will upgrade (if any), or how often, see here for details.

Configure Unattended Upgrades to Remove Unneeded Kernels Automatically

Note: The following methods will only remove kernels that are marked as being automatically installed as described above. In Ubuntu 16.04 kernels installed by Software Updater are marked as being automatically installed. In Ubuntu 14.04 only kernels installed by unattended-upgrades are marked as being automatically installed. See bug #1439769 for details.

Note: This way will not remove all automatically installed old kernel providing packages as fallback versions are kept; the list of kept kernels is maintained and automatically updated in the file /etc/apt/apt.conf.d/01autoremove-kernels as a list of matching regular expressions.

The second step is to edit old configuration file to enable automatic removal, or preferably create an overriding new configuration file where you need to write only options that you change from the default or from the values defined in the shipped one, because updates to shipped configuration file may conflict with the local changes blocking updating unattended-upgrades itself.

The default configuration file is

  • /etc/apt/apt.conf.d/50unattended-upgrades

You could name the new one as /etc/apt/apt.conf.d/52unattended-upgrades-local

See here for reference.

Option for All Ubuntu Releases

The following setting configures unattended-upgrade to remove unused dependencies after an unattended upgrade.

Make sure the configuration file contains line

Unattended-Upgrade::Remove-Unused-Dependencies "true";

(and that it is not commented out; comments start with '//'.)

Thereafter unattended-upgrades will automatically remove packages providing old kernels as part of unattended upgrade. (It does not purge them, however.) It also removes other unneeded packages, as well, which is or is not what you want.

Options for Ubuntu 16.04 and Newer

Unattended-upgrades version 0.90 supports a new configuration variable called Unattended-Upgrade::Remove-New-Unused-Dependencies that makes possible to automatically remove only packages that become excessive during a run of unattended-upgrades. It is enabled i.e. "true" by default. The way this is designed, it is important that you let unattended-upgrades handle installation of security updates. Otherwise unattended-uprades will not remove old kernels and you may have to do some manual removing of kernels.

Version 1.1 that is also currently available for Ubuntu 16.04 adds yet another option called Unattended-Upgrade::Remove-Unused-Kernel-Packages. It removes unused kernel packages before installing new one (or even if nothing is installed). It is enabled by default, too.


If your package management is broken, or if regular maintenance above is not working, any of several problems may have occurred. You may be out of storage space, or you may have a package version mismatch, or you may have another problem.

Safely Removing Old Kernels

For users of LVM systems, encrypted systems or limited-storage systems, the most frequent problem is that the /boot partition is simply full. The package manager cannot install a pending upgrade due to lack of space. Addiitionally, apt-get can not remove a package due to broken dependency.

This problem can be fixed from the shell: by manually remvoing one or two old kernels, we can provide the package manager enough space to install the queued upgrade.

First remove any leftover temporary files from previous kernel updates.

$ sudo rm -rv ${TMPDIR:-/var/tmp}/mkinitramfs-*

Determine the version number of the currently running kernel, which you DO NOT want to remove.

$ uname -r

List all the kernels, including the booted one (4.2.0-21-generic in this example), in the package database and their statuses.

$ dpkg -l | tail -n +6 | grep -E 'linux-image-[0-9]+'

rc  linux-image-4.2.0-14-generic  ## The oldest kernel in the database
                                  ## Status 'rc' means it's already been removed
ii  linux-image-4.2.0-15-generic  ## The oldest installed kernel. Removable.
                                  ## Status 'ii' means Installed.
ii  linux-image-4.2.0-16-generic  ## Another old installed kernel. Removable.
ii  linux-image-4.2.0-18-generic  ## Another old installed kernel. Removalbe.
ii  linux-image-4.2.0-19-generic  ## The previous good kernel. Keep.
ii  linux-image-4.2.0-21-generic  ## Same version as 'uname -r', package for the current kernel. DO NOT REMOVE.
iU  linux-image-4.2.0-22-generic  ## DO NOT REMOVE. Status 'iU' means it's not installed,
                                  ## but queued for install in apt.
                                  ## This is the package we want apt to install.

To free space in /boot we'll remove an initrd.img file for a suitable old kernel manually, this is necessary due to a kenel packaging bug.

$ sudo update-initramfs -d -k 4.2.0-15-generic

Now we'll use dpkg in order to TRY to purge the kernel package for the same old kernel:

$ sudo dpkg --purge linux-image-4.2.0-15-generic

NOTE: The previous command will probably fail, as there probably is a depending linux-image-extra package installed together with a 'generic' kernel package. In general, the output of the previous command will tell which package you need to remove first. In this example case you would run

$ sudo dpkg --purge linux-image-4.2.0-15-generic linux-image-extra-4.2.0-15-generic

Finally, we will fix the package installation process that previously failed.

$ sudo apt-get -f install         ## Try to fix the broken dependency.

If the last command fails due to insufficient disk space in /boot, you have to purge another kernel (e.g. linux-image-4.2.0-16-generic) same way. Otherwise you could continue to chapter Manual Maintenance to remove more kernels. Make sure the linux-headers packages respective to the kernels purged above will also be purged.

Unmet Dependency Errors

If you have ignored apt and dpkg errors for a while, then some packages may have upgraded while others did not. This is an expected follow-on effect. You will see mysterious, persistent version errors upon normal upgrades.

The simple way to fix most version mismatch errors is to update the package database, clean out the package cache, and download-and-reinstall the newer version of the offending package.

This is easier than it sounds. For example, if the 'hello' package is one of those unmet dependencies:

$ sudo apt-get update                      ## Update the package database
$ sudo apt-get clean hello                 ## Delete the hello package from the local cache
$ sudo apt-get install --reinstall hello   ## Download and reinstall the latest version of hello

Oops, Removed All Kernels!

If you got a bit carried away and deleted all the kernels, you fall into the "You did WHAT?!?!" class. You will be pleased to know that you are not the first, nor will be the last, person to do this. Get your LiveCD and head over to GRUB reports no operating system.

RemoveOldKernels (last edited 2020-09-26 09:58:55 by jarnos)