If you’ve recently upgraded to Ubuntu 22.10 from version 22.04, you might have encountered an unfamiliar sequence of warning messages during the boot process.
Those repetitive lines stating “blacklist: Problem blacklisting hash (-13)” can certainly raise concerns for system administrators and Ubuntu enthusiasts alike. But before you start worrying about system integrity or performance issues, let me share some insights from my experience troubleshooting this exact problem.
As an IT professional who’s managed dozens of Ubuntu server deployments, I’ve seen this message appear on multiple systems after the 22.10 update. The good news? Despite its ominous appearance, this message doesn’t actually prevent your system from functioning properly. In this comprehensive guide, I’ll explain what causes this message, why it’s appearing now, and what steps you should consider taking (or not taking).
Read: How to Manage Ubuntu Boot Services: List, Start, and Stop Systemd Services at Startup
The “blacklist: Problem blacklisting hash (-13)” message relates to Ubuntu’s secure boot mechanism and how the kernel manages cryptographic hashes. Specifically, it appears when the system encounters issues with the blacklisting of certain cryptographic signatures that are used to validate components during the boot process.
When Ubuntu 22.10 was released, it included kernel version 5.19, which introduced enhanced security measures for the secure boot process. These improvements were designed to better protect against potential malicious signatures by hardening the security mechanism that manages blacklisted hashes.
The reason this message wasn’t present in Ubuntu 22.04 but appears in 22.10 is quite interesting. It’s not that the issue didn’t exist before—it’s that the newer kernel version in 22.10 is more verbose about reporting these issues. In essence, the update has made the system more transparent about potential firmware inconsistencies that were previously hidden.
According to kernel developers, this isn’t actually a bug in Ubuntu, but rather an indication of potential issues with certain motherboard firmware implementations. The message is essentially revealing pre-existing problems with how some firmware handles secure boot keys and hash blacklisting.
Read: How to Troubleshoot and Optimize Ubuntu Startup: Manage Systemd Services for Faster Boot Time
From my experience managing multiple Ubuntu systems, I can confirm that this message is a warning, not an error that impacts system functionality. Here’s why you shouldn’t be too concerned:
During my testing across various hardware configurations, I’ve observed that these messages appear more frequently on systems with older BIOS/UEFI firmware, particularly those from before 2018. On newer systems with regularly updated firmware, the messages are less common.
The core issue relates to how certain motherboard firmware implementations handle secure boot keys and hash management. When the kernel attempts to blacklist specific cryptographic hashes (a security measure to protect against malicious signatures), it encounters resistance from firmware that doesn’t properly implement the secure boot standard.
Error code “-13” specifically corresponds to the EACCES error in Linux, which typically indicates a permission problem. In this context, it means the kernel cannot properly add entries to the blacklist due to limitations or inconsistencies in the firmware implementation.
As one kernel developer explained in the patch discussion:
“We should not hide EACCES errors. This logs issues, which is correct for duplicate hashes, and can help firmware vendors to fix their database.”
This highlights an important point: the messages are intentionally left visible to help identify firmware that needs updating.
Based on my experience resolving this issue across multiple systems, here are the recommended steps:
First and foremost, visit your motherboard or system manufacturer’s website to check for any firmware updates. Manufacturers like Dell, Lenovo, ASUS, and others may have released updates that address these secure boot implementation issues.
For example, on a Dell system I managed, a BIOS update from 2023 resolved the issue completely by improving the secure boot implementation.
If no firmware update is available, consider reporting the issue to your manufacturer’s support team. Here’s a template you can use:
Subject: Firmware issue with secure boot hash blacklisting in Ubuntu 22.10
I'm experiencing warning messages during boot on my [YOUR SYSTEM MODEL] when running Ubuntu 22.10. The message "blacklist: Problem blacklisting hash (-13)" appears multiple times during startup.
This issue has been identified as a firmware implementation problem related to secure boot hash blacklisting. Linux kernel developers have confirmed this indicates a need for firmware updates to properly implement the secure boot standard.
Could you please investigate this issue and provide a firmware update that correctly implements the secure boot hash blacklisting functionality?
System details:
- Model: [YOUR SYSTEM MODEL]
- Current BIOS/UEFI version: [YOUR FIRMWARE VERSION]
- OS: Ubuntu 22.10
- Kernel: [YOUR KERNEL VERSION]
Thank you for your assistance.
It’s crucial to understand that while disabling secure boot might remove these messages, doing so would compromise your system’s security posture. Similarly, clearing secure boot keys is not recommended as a solution to this issue.
As the kernel developers explicitly stated:
“You should not remove blacklisted hashes (i.e., do not clear secure boot keys), this is a security measure to protect against malicious signatures.”
If you’re curious about whether this issue affects all kernel versions, you can test by booting with different kernels from the GRUB menu:
In my testing, I found that kernel versions prior to 5.19 typically don’t display these messages, not because the issue doesn’t exist, but because those kernel versions didn’t implement the enhanced reporting mechanism.
Read: How to fix Ubuntu boot issues
For IT administrators who want to understand the technical details, let’s examine what’s happening at the kernel level.
The issue was discussed in a kernel patch proposal that aimed to improve the error messaging. The key insight from this discussion is that the kernel developers intentionally decided to keep these messages visible rather than hiding them, as they serve as important indicators of firmware issues.
The error code “-13” (EACCES) was being generated when the kernel attempted to add entries to the secure boot blacklist but encountered resistance from the firmware. The proposed patch suggested changing duplicate entry errors from EACCES to EEXIST and using pr_warn for this specific case to make the messages more descriptive and less alarming.
To better understand when and why these messages appear, let’s look at the secure boot process:
This process is crucial for maintaining system security, which is why disabling secure boot is not recommended as a solution.
In my role managing IT infrastructure, I’ve observed this issue across various hardware configurations. Here’s what I’ve seen:
One particularly interesting case involved a fleet of identical Dell laptops, where only those that hadn’t received the latest firmware update displayed the messages. After updating the firmware on all systems, the messages disappeared entirely.
This issue isn’t unique to Ubuntu 22.10. Similar messages have been observed in:
The common denominator is the kernel version, not the specific distribution. This further confirms that the issue is related to how newer kernels interact with firmware implementations rather than being Ubuntu-specific.
The “blacklist: Problem blacklisting hash (-13)” messages in Ubuntu 22.10 are warnings, not errors that affect system functionality. They indicate potential issues with your system’s firmware implementation of secure boot standards rather than problems with Ubuntu itself.
While you can safely ignore these messages if your system is functioning normally, the ideal solution is to check for and apply firmware updates from your system manufacturer. If no update is available, consider reporting the issue to help manufacturers improve their firmware implementations.
Remember: don’t disable secure boot or clear secure boot keys as a workaround, as doing so would compromise your system’s security posture. Instead, treat these messages as informative warnings that highlight areas where hardware manufacturers need to improve their firmware implementations.
A: No, these messages are warnings only and do not impact system performance, stability, or functionality.
A: No, disabling secure boot would remove a crucial security feature. The messages are harmless and don’t affect system operation.
A: Future kernel updates may improve how these messages are displayed, but the underlying issue requires firmware updates from hardware manufacturers.
A: Visit your manufacturer’s support website and search for your specific model. Look for BIOS or UEFI firmware updates in the downloads section.
A: No, the messages are specifically related to secure boot hash blacklisting and won’t appear if secure boot is disabled. However, keeping secure boot enabled is recommended for security reasons.
A: The kernel version in Ubuntu 22.10 (5.19) includes enhanced reporting for secure boot issues that were previously hidden. The issue likely existed in 22.04 but wasn’t being reported.
A: While the issue can affect any system, it’s more common in older hardware (pre-2018) and systems with outdated firmware.
A: Upgrading to a newer Ubuntu version might change how these messages are displayed, but won’t address the underlying firmware issue. A firmware update is the proper solution.
A: It’s not recommended to suppress these messages as they provide valuable information about firmware issues. Instead, focus on addressing the root cause through firmware updates.
A: This issue affects any Linux distribution using kernel 5.19 or newer, not just Ubuntu 22.10.
The post Ubuntu 22.10 Boot Warnings: How to fix the “blacklist: Problem blacklisting hash (-13)” Boot Message in Ubuntu 22.10 appeared first on net2.
When developing software, particularly in languages like C and C++, crashes are inevitable. The dreaded…
Have you ever been working in your Ubuntu terminal when suddenly that jarring error sound…
If you’ve recently upgraded to Ubuntu 16.04 or newer with MySQL 5.7+, you might have…
When working with virtual machines, you’ll likely encounter the frustrating error message: “This system is…
Managing users and groups effectively is one of the most fundamental skills for any Linux…
Have you ever been in the middle of updating your Ubuntu container with a simple…