EVE 13.4 LTS Release Notes

Article Published Date: 1/6/2025

These release notes reflect the major functional changes between the current release and the previous LTS (12.0.2-lts). For a detailed change log please see https://github.com/lf-edge/eve/compare/12.0.2-lts...13.4.0-lts.

Linux OS & kernel updates

  • Upgrade Linux kernel version to V6.1.112
  • Include the bpftrace package and the bpftrace-compiler tooling, which enable BPF-based debugging and analysis. Please see https://github.com/lf-edge/eve/blob/master/eve-tools/bpftrace-compiler/README.md for more details
  • Updated Linux firmware and Intel and AMD microcode for increased security and compatibility
  • Upgrade openssh version to 9.8p1. This also addresses CVE-2024-6387, though EVE was not susceptible to this vulnerability
  • Disable generation of kernel memory dumps, preserving disk space
  • Crash kernel memory allocation increased
  • Implement the kubevirt hypervisor and the corresponding domainmgr support

EVE realtime enhancements

  • EVE kernel can now be built with Linux RT extensions. Currently, this requires building from source.
  • grub/rootfs.cfg: add 'isolate CPU0 (only for PREEMPT_RT)' menu option

Hardware support - drivers & modules

  • Enable RS485 mode for USB_SERIAL_XR_RS485
  • Enable USB_SERIAL_XR_RS485 for EVE
  • Add MaxLinear/Exar USB-to-serial driver, version 1G
  • Add Kontron PLD drivers (kempld)
  • Firmware for Kontron wifi device
  • Hailo 8 GPU firmware added
  • Support for Siemens IPC 520A. EVE installs on the NVMe SSD and the eMMC is wiped (preventing its use as a boot device).
  • Add firmware for Intel AX201NWG and AX211NWG

Support for Nvidia Jetson devices

This release introduces support for Nvidia Jetson hardware platforms. It includes:

  • Driver+Kernel support aligned with Jetpack 5/Jetson Linux 35.5.0, which supports Jetson Xavier and Jetson Orin devices
  • Xavier NX device support for: Jetson Xavier NX developer kit, Lenovo SE70, and Siemens IPC520A
  • Orin Nano device support for: Jetson Orin Nano developer kit

EVE with Jetson support currently requires building from source (platform=nvidia).

Memory management and troubleshooting enhancements

This release introduces various memory management and troubleshooting enhancements, including:

  • Optimize memory management when the system is under memory pressure by enabling soft memory limits.
  • Support for cgroup memory limits beyond 4GB for EVE services
  • Go garbage collector changes enabling the collector to respect hard memory limits
  • QEMU patch resolving issues with guest VMs that have limited memory and rely on TPM 2.0. In case not enough contiguous memory is available, relocation of ACPI tables may cause issues with TPM table offsets.
  • Collect memory debug info when under memory pressure events

For details on EVE memory management please see: https://github.com/lf-edge/eve/blob/master/docs/MEMORY-SETTINGS.md

EVE Interactive Installer

This release introduces an interactive EVE installer. This allows configuration of grub.cfg parameters such as the EVE installation disk and the persist disk through a text-based user interface.

The installer is accessible through the grub options menu: Options > Interactive Installer (enter) > (escape) > Boot EVE image.

Configurable flow-logging

Flow-logging is an EVE feature that enables the collection of information about every network flow in an application. This includes attributes such as source/destination IP, source/destination port, applied ACL rules, packet/byte counters, and more.

This capability used to be always enabled, which affects network bandwidth and controller scaling, and the more complex iptables processing adds packet-processing overhead. This release introduces a configurable flow-logging option.

Local network instance with multiple ports

  • A network instance can now be configured with a "shared" adapter label, potentially matching multiple device ports. The NI routing table will contain routes from all the selected ports.
  • Adapter labels can also be used to restrict port-forwarding to a subset of NI ports and to create multipath static routes (routes with multiple possible next-hops)
  • For every multipath route, zedrouter will use the recently added portprober to select the best port at a given time (based on the connectivity status, cost, etc.) and also to failover to another port when the currently used port loses connectivity.
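The port selection described above, as an added example that is not EVE's own zedrouter or portprober code: given the latest probe results for the ports matched by an adapter label, pick the connected port with the lowest cost, keep the current port on ties so the route does not flap, and fail over when the port in use loses connectivity. The PortState fields and the tie-breaking rule are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// PortState is what a prober reports for one device port matched by the
// adapter label: whether it currently has connectivity and its configured
// cost (lower is preferred). Field names are assumptions for this example.
type PortState struct {
	Name      string
	Connected bool
	Cost      uint8
}

// RouteSelector remembers the port currently used as next-hop for one
// multipath route, so it can fail over only when needed and avoid flapping
// between equally good ports.
type RouteSelector struct {
	Current string
}

// Select returns the port to use given the latest probe results and whether
// that differs from the previous choice. Only connected ports are eligible;
// the lowest cost wins; among equal-cost candidates the current port is kept
// if still eligible, otherwise the first by name for determinism. An empty
// name means no usable port remains.
func (s *RouteSelector) Select(ports []PortState) (string, bool) {
	var eligible []PortState
	for _, p := range ports {
		if p.Connected {
			eligible = append(eligible, p)
		}
	}
	if len(eligible) == 0 {
		changed := s.Current != ""
		s.Current = ""
		return "", changed
	}
	sort.Slice(eligible, func(i, j int) bool {
		if eligible[i].Cost != eligible[j].Cost {
			return eligible[i].Cost < eligible[j].Cost
		}
		// Tie on cost: the current port sorts first, then by name.
		if eligible[i].Name == s.Current {
			return true
		}
		if eligible[j].Name == s.Current {
			return false
		}
		return eligible[i].Name < eligible[j].Name
	})
	best := eligible[0].Name
	changed := best != s.Current
	s.Current = best
	return best, changed
}

func main() {
	// Constructed probe results: a cheap wired port and a costlier cellular one.
	s := &RouteSelector{}
	fmt.Println(s.Select([]PortState{{"eth0", true, 0}, {"wwan0", true, 10}}))
	fmt.Println(s.Select([]PortState{{"eth0", false, 0}, {"wwan0", true, 10}})) // failover
	fmt.Println(s.Select([]PortState{{"eth0", true, 0}, {"wwan0", true, 10}}))  // fail back
}
```

Cost here stands in for whatever ordering the prober applies; the release notes mention connectivity status and cost, and the same structure extends to further criteria by adjusting the comparator.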

Switch network instance with multiple ports

Support for switch network instance with multiple ports has been added:

  • Bridge multiple switches and add redundant links. STP is used to avoid bridge loops.
  • Connect end-devices into the same L2 segment as applications running on the edge node. VLAN access ports are now supported not only for application VIFs, but also for physical device network ports. BPDU guards prevent end-devices from participating in STP.

Physical port - Configurable MTU support

It is now possible to set the MTU inside the Network object assigned to a device network port (adapter).

By default (if not set), EVE will set the default MTU size, which depends on the network adapter type. Ethernet and WiFi adapters default to 1500 bytes, while cellular modems typically receive their MTU value from the network provider, which EVE will use unless the user overrides the MTU value.

Network Instances - Configurable MTU support

The MTU for a network instance and all application interfaces connected to it is now configurable. The size does not include the L2 header (ethernet, vlan). The minimum value is 1280 bytes (RFC 8200, "IPv6 minimum link MTU"). If not defined (zero value), EVE will set the MTU to the default value of 1500 bytes.

On the host side, EVE sets the MTU on the interfaces. On the guest (app) side, the responsibility to set the MTU lies either with EVE or with the user/app, depending on the network instance, app type and the type of interfaces used (local or switch, VM or container, virtio or other). When EVE acts as the DHCP server (local network instance), the MTU size is propagated to the workload using DHCP option 26.
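The MTU rules from the two sections above, as an added example that is not EVE's own code: the network-instance rule (zero selects 1500, anything below the RFC 8200 minimum of 1280 is rejected), the physical-port default (Ethernet and WiFi at 1500, a cellular modem keeping the provider value unless overridden), and the DHCP option 26 "Interface MTU" TLV that a DHCP server hands to the workload. The adapter-type strings and function names are assumptions for this example; the option encoding follows RFC 2132 (code 26, length 2, big-endian value).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	MinNIMTU     = 1280 // IPv6 minimum link MTU, RFC 8200
	DefaultNIMTU = 1500 // EVE default when the network instance MTU is zero

	dhcpOptPad          = 0
	dhcpOptInterfaceMTU = 26 // RFC 2132 section 5.1
	dhcpOptEnd          = 255
)

// EffectiveNIMTU applies the network-instance rule: a zero value selects the
// 1500-byte default and anything below 1280 is rejected.
func EffectiveNIMTU(configured uint16) (uint16, error) {
	switch {
	case configured == 0:
		return DefaultNIMTU, nil
	case configured < MinNIMTU:
		return 0, fmt.Errorf("MTU %d is below the IPv6 minimum link MTU %d", configured, MinNIMTU)
	default:
		return configured, nil
	}
}

// DefaultPortMTU mirrors the physical-port behaviour: a user override wins;
// otherwise a cellular modem keeps the value learned from the provider and
// every other adapter type gets 1500. The adapter-type string is an
// assumption for this example, not an EVE identifier.
func DefaultPortMTU(adapterType string, providerMTU, userMTU uint16) uint16 {
	if userMTU != 0 {
		return userMTU
	}
	if adapterType == "cellular" && providerMTU != 0 {
		return providerMTU
	}
	return DefaultNIMTU
}

// EncodeMTUOption produces the DHCP option 26 TLV: code, length 2, value.
func EncodeMTUOption(mtu uint16) []byte {
	opt := []byte{dhcpOptInterfaceMTU, 2, 0, 0}
	binary.BigEndian.PutUint16(opt[2:], mtu)
	return opt
}

// ParseMTUOption walks a DHCP options field (skipping pad bytes, stopping at
// the end marker) and returns the Interface MTU, or an error if it is absent
// or the field is malformed.
func ParseMTUOption(options []byte) (uint16, error) {
	for i := 0; i < len(options); {
		code := options[i]
		if code == dhcpOptPad {
			i++
			continue
		}
		if code == dhcpOptEnd {
			break
		}
		if i+1 >= len(options) {
			return 0, errors.New("truncated option header")
		}
		length := int(options[i+1])
		start, stop := i+2, i+2+length
		if stop > len(options) {
			return 0, errors.New("truncated option value")
		}
		if code == dhcpOptInterfaceMTU {
			if length != 2 {
				return 0, fmt.Errorf("option 26 has length %d, want 2", length)
			}
			return binary.BigEndian.Uint16(options[start:stop]), nil
		}
		i = stop
	}
	return 0, errors.New("option 26 not present")
}

func main() {
	mtu, _ := EffectiveNIMTU(1400) // constructed network-instance setting
	opts := append([]byte{dhcpOptPad}, EncodeMTUOption(mtu)...)
	opts = append(opts, dhcpOptEnd)
	fmt.Println(ParseMTUOption(opts))
}
```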

Add support for PCIe cellular modems

With modern high-speed 4G and 5G modems, it is more and more common to connect the modem over the PCIe bus instead of the USB bus. PCIe offers higher speed, lower latency and lower power consumption than the USB equivalent, making it well suited to 5G high-speed requirements (up to 20 Gbps). Support for PCIe modems has been introduced in this release.

Other Networking Enhancements

  • Network instance routing information is now published in a deterministic and easy-to-read order reflecting typical Linux routing table ordering.
  • For app-shared interfaces that do not have a DNS server configured, report a warning instead of an error.
  • Increase robustness for making config changes to IP interfaces ('Device or resource busy' errors).
  • When using switch network instances, VMs receive an IP address either through an external DHCP server, or are configured with one statically. EVE monitors DHCP and ARP traffic to learn the assigned addresses and report them to the controller. A new capability was added to deal with multinetted VM interfaces, or VMs with vlan subinterfaces.
  • Cellular network probing has been extended with additional probing methods (ICMP or TCP, possibly more in the future).
  • Added robustness for dealing with wwan modem resets in case modems are not responsive.
  • Generalized the uplinkprober functionality to portprober. This is a building block for the multi-port NI functionality allowing probing to be associated to adapter labels and generalized probing methods.
  • Increased robustness for cellular connections - do not test controller connectivity too fast, as the modem may take time to be fully configured/initialized.
  • NTP statistics reporting: EVE now publishes NTP server statistics to Zedcloud.
  • Increase robustness to deal with invalid network configurations.
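The address learning mentioned for switch network instances (EVE watching DHCP and ARP traffic to learn the addresses of VMs, including multinetted interfaces and VLAN subinterfaces), as an added example that is not EVE's own code: a parser that takes Ethernet frames, peels an optional 802.1Q tag, extracts the sender MAC and IPv4 address from ARP, and keeps a per-VLAN, per-MAC set of addresses so a VM with several addresses on one interface is fully recorded. Only the ARP side is shown; the DHCP side is not covered. The frames, MACs and addresses are constructed for the example, not captured from any deployment.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const (
	etherTypeVLAN = 0x8100 // 802.1Q tag
	etherTypeARP  = 0x0806
)

// LearnedAddr is one (VLAN, MAC, IPv4) observation; VLAN 0 means untagged.
type LearnedAddr struct {
	VLAN uint16
	MAC  string
	IP   string
}

// ParseARPFrame extracts the sender MAC and IPv4 address from an Ethernet
// frame carrying ARP, peeling one 802.1Q tag if present. Anything that is not
// a usable IPv4-over-Ethernet ARP packet is returned as an error to skip.
func ParseARPFrame(frame []byte) (LearnedAddr, error) {
	if len(frame) < 14 {
		return LearnedAddr{}, errors.New("frame shorter than Ethernet header")
	}
	etherType := binary.BigEndian.Uint16(frame[12:14])
	payload := frame[14:]
	var vlan uint16
	if etherType == etherTypeVLAN {
		if len(payload) < 4 {
			return LearnedAddr{}, errors.New("truncated 802.1Q tag")
		}
		vlan = binary.BigEndian.Uint16(payload[0:2]) & 0x0fff // drop PCP/DEI bits
		etherType = binary.BigEndian.Uint16(payload[2:4])
		payload = payload[4:]
	}
	if etherType != etherTypeARP {
		return LearnedAddr{}, fmt.Errorf("not ARP (ethertype 0x%04x)", etherType)
	}
	// ARP: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
	if len(payload) < 28 || payload[4] != 6 || payload[5] != 4 {
		return LearnedAddr{}, errors.New("not a complete IPv4-over-Ethernet ARP packet")
	}
	spa := net.IP(payload[14:18])
	if spa.Equal(net.IPv4zero) {
		// ARP probe (RFC 5227): the sender has no address yet, nothing to learn.
		return LearnedAddr{}, errors.New("ARP probe with zero sender IP")
	}
	return LearnedAddr{VLAN: vlan, MAC: net.HardwareAddr(payload[8:14]).String(), IP: spa.String()}, nil
}

// vlanMAC keys the table so the same MAC on different VLANs stays separate.
type vlanMAC struct {
	VLAN uint16
	MAC  string
}

// AddrTable holds the set of IPv4 addresses seen per (VLAN, MAC).
type AddrTable map[vlanMAC]map[string]bool

// Learn records an observation and reports whether the address was new.
func (t AddrTable) Learn(a LearnedAddr) bool {
	k := vlanMAC{a.VLAN, a.MAC}
	if t[k] == nil {
		t[k] = map[string]bool{}
	}
	if t[k][a.IP] {
		return false
	}
	t[k][a.IP] = true
	return true
}

// buildARP assembles a constructed gratuitous ARP request (a host asking
// about its own address); the MACs and IPs are made up for the example.
func buildARP(vlan uint16, sha net.HardwareAddr, spa net.IP) []byte {
	frame := append([]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, sha...) // dst, src
	if vlan != 0 {
		frame = append(frame, 0x81, 0x00, byte(vlan>>8), byte(vlan))
	}
	frame = append(frame, 0x08, 0x06)
	arp := append([]byte{0, 1, 8, 0, 6, 4, 0, 1}, sha...) // Ethernet/IPv4, request
	arp = append(arp, spa.To4()...)
	arp = append(arp, make([]byte, 6)...) // target MAC unknown
	arp = append(arp, spa.To4()...)
	return append(frame, arp...)
}

// SampleFrames is constructed traffic: one VM MAC announcing two untagged
// addresses (one of them twice) and a third address on VLAN 100.
func SampleFrames() [][]byte {
	mac, _ := net.ParseMAC("02:00:00:00:00:01")
	return [][]byte{
		buildARP(0, mac, net.ParseIP("10.1.0.10")),
		buildARP(0, mac, net.ParseIP("10.1.0.11")),
		buildARP(100, mac, net.ParseIP("192.168.100.10")),
		buildARP(0, mac, net.ParseIP("10.1.0.10")), // duplicate, must not count as new
	}
}

// LearnAll feeds frames into a fresh table and returns it with the count of
// newly learned addresses; non-ARP or malformed frames are skipped.
func LearnAll(frames [][]byte) (AddrTable, int) {
	tbl, n := AddrTable{}, 0
	for _, f := range frames {
		if a, err := ParseARPFrame(f); err == nil && tbl.Learn(a) {
			n++
		}
	}
	return tbl, n
}

func main() {
	tbl, n := LearnAll(SampleFrames())
	fmt.Println("new addresses learned:", n, tbl)
}
```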

Screen resolution for UEFI bootloader applications

This enables configurable screen resolution for VM workloads that rely on a UEFI bootloader (VM mode 'FML').

The value can be set through the app.fml.resolution EVE configuration parameter. The following resolutions are supported: "800x600", "1024x768", "1280x800" and "1920x1080".

Please see: https://github.com/lf-edge/eve/blob/master/docs/CONFIG-PROPERTIES.md

Support for reduced isolation containers on ARM64

This release adds support for reduced-isolation containers. These containers do not have the standard lightweight virtual machine wrapper that improves security and isolation. This is supported for ARM64-based platforms only and enables container deployment on platforms such as the Nvidia Jetson and similar that do not allow PCI passthrough or virtualization of their GPU/NPU complex.

Configurable VNC access to a container shim-VM

It is now possible to get a VNC console to the shim VM for container applications. This aids troubleshooting container/application issues.

For security reasons VNC access to the shim VM is disabled by default. To enable such access the `debug.enable.vnc.shim.vm` flag has to be set to true. The flag is global per node.

Workload support for Virtual TPM

A software TPM (SWTPM) implementation has been added to EVE. This enables a full Virtual TPM 2.0 instance in VM workloads. The TPM is accessible in VMs like a normal TPM device under /dev/tpm*.

The SWTPM saves and loads the TPM state on/from the disk, so at the next VM boot all the TPM keys, TPM NVRAM data, etc. are present. In addition, SWTPM is configured to encrypt the TPM state files using a 256-bit AES key.

Allow attaching volumes to multiple app instances

Multiple app instances (VMs and/or containers) can now attach to a single block storage container image. This enables shared storage between applications through a volume instance.

Miscellaneous

  • Debuggability - collect-info.sh can now be triggered through Edgeview.
  • The vcomlink agent is a new agent that will be used for communication between the VM and the host.
  • Increased robustness for USB manager.
  • Device model generation uses IO-type IOSUBController for the PCI controller.
  • Support for more than 10 USB controllers in a hardware model.
  • A more accurate reboot reason is now reported after a system went down unexpectedly.
  • Metadata server enhancement - new discover-network.json endpoint allows apps to discover other app instances on the same local network instance.
  • Allow edgeview VNC access even if the app does not get an IP.
  • Address incorrect reporting of disk volume usage for sparse QCOW images.