“Hash sum mismatch” error due to identical SHA1 and MD5 but different SHA256

Try this before running apt:

$ sudo bash
# mkdir /etc/gcrypt
# echo all >> /etc/gcrypt/hwf.deny

Because apt uses the sha256 method from libgcrypt20, but optimized too much. We can opt out of these optimizations using the configuration file /etc/gcrypt/hwf.deny.


info gcrypt section 16 says:

/etc/gcrypt/hwf.deny

This file can be used to disable the use of hardware based optimizations, see hardware features.

info gcrypt section 2.7 then says:

Libgcrypt makes use of certain hardware features. If the use of a feature is not desired it may be either be disabled by a program or globally using a configuration file.


Disable Windows Subsystem For Linux and Virtual Machine Platform if you're using Windows and VirtualBox. Happened to me when trying to install lubuntu 20.04 using VirtualBox 6.0.4 and WSL2 was enabled.


EXPLANATION and Solution: Quick Fix

This issue is caused by the Windows Hypervisor Platform. This issue cannot be resolved for now (asfar as I know).

A partial fix is at hand though. And I say"partial" because it involves disabling the platform (also known as"Hyper-V") which will probably break other virtualization solutions you have installed since this is enabled manually. Anyway, here's how to disable it and get your VM running again,

  1. Shut down the Virtual Machine.

  2. Press Windows logo key + X, then hit A to run Command Prompt(powershell) as administrator.

  3. Type bcdedit /set hypervisorlaunchtype off

4.When you see"The operation completed succesfully", reboot your windows. After reboot, boot your VM and update/upgrade.


The file from the jp... archive is correct also, so it must be your copy of sha256sum that is borked. Confirm the sha256sum executable you are running is in /usr/bin, and if it is not, remove the identified executable which is earlier in your path than /usr/bin. If it is, download the coreutils package from the primary Ubuntu archives, and reinstall coreutils.