EVE-OS 16.0 LTS Release Notes

Article Published Date: 1/7/2026

The latest 16.0 LTS version is https://github.com/lf-edge/eve/releases/tag/16.0.0-lts 

For a change log between 14.5.2-lts and 16.0, see: https://github.com/lf-edge/eve/compare/14.5.1-lts...16.0.0

New Features

EVE-k

EVE-k is an EVE-OS variant with bare-metal Kubernetes support that enables AI workloads on Edge Node Clustering and ZEDEDA Edge Kubernetes Service, which serves as the infrastructure foundation for ZEDEDA Edge Kubernetes App Flows. EVE-k replaces EVE-Kubevirt, introduced as early-access in EVE-OS 14.5.0 LTS.

• For a comfortable deployment with headroom, we recommend all the edge nodes be of the same hardware type/model with 12 core CPUs, 16 GB RAM, and enterprise-grade NVMe SSDs for EVE persistent storage for optimal performance. 
• For runtime, EVE-k consumes approximately 4 GB minimum of memory and 2 vCPUs if used for clustering.
• It is recommended, though not strictly required, to separate the management traffic from the cluster traffic. 
• You cannot update from EVE-kvm to EVE-k and vice versa.

Tie-Breaker Node Support for Clustering 

This feature requires EVE-k. A typical clustering setup relies on three nodes to ensure quorum, because an odd number of members helps the cluster consistently determine the “majority” during decision-making. With three nodes, the system can tolerate the loss of one node while still maintaining consensus, preventing split-brain scenarios and ensuring that the cluster remains available and authoritative even under partial failure. 

This release enables 2+1 edge-node clusters where one of the nodes can be a small controlplane node only (the tie-breaker). Using a small controlplane node can be less expensive than a regular node, since the minimum requirements for the two edge nodes that are designated for HA are: the same hardware type/model with a minimum of 12 core CPUs, 16 GB RAM, and NVMe SSDs for EVE persistent storage for optimal performance. 

NVIDIA Jetson JetPack v6.0 Support for EVE-k

This release introduces initial support for the Jetson JP6 series of NVIDIA hardware for EVE-k, allowing you to run products and features such as ZEDEDA Edge Kubernetes Service, ZEDEDA Edge Kubernetes App Flows, and ZEDEDA Edge Node Clusters. 

Enhancements

Linux OS & Kernel Updates

• Kernel Updates for ARM64 Platforms: Updated kernel for ARM64 platform variants: 
  • v6.1.112 for generic ARM variants 
  • v5.10.192 for nvidia-jp5 images aligned with upstream 
  • v5.15.136 for nvidia-jp6 images aligned with upstream
• FML-based Edge App Boot Screen: FML based Edge Apps now show an EVE-OS logo on the boot screen.
• Hailo TPU Firmware Update: Updated Hailo TPU FW and kernel drivers to 4.21.0.
• Kernel Updates for AMD64: The EVE-OS kernel for AMD64 edge nodes has been upgraded to version 6.12.49. The Real-Time (RT) kernel is also now based on this version. 

Trusted Platform Module & Security

• Improved vTPM Reliability and Diagnostics: Improved virtual TPM (vTPM) reliability by automatically backing up the software TPM (SWTPM) state before every write. EVE-OS now performs a health check on the vTPM before an application starts. If corruption is detected, the vTPM is automatically restored from its backup or reset to a default state. This prevents application boot failures caused by vTPM state corruption. Additionally, SWTPM logs and PCRs are now included in edge node diagnostic reports for troubleshooting.
• Removed TPM Event Log Parsing: Removed TPM event log parsing and sending in attestation. TPM event logs are now being sent "as is" as a binary blob in the attestation request, so that they can be used for validation in the future. 
• Configurable vTPM (per-VM): Added the ability to enable or disable vTPM on a per-VM application basis. By default, a vTPM is enabled, but it can be set to disabled through app configuration.
• Kernel Module and fTPM Driver Updates: Enabled kernel module compression and enabled fTPM drivers for the NVIDIA platform.
• TPM Reset Attack Detection: Added TPM reset attack detection using ephemeral null-hierarchy primary key comparison (gated by CONFIG_TCG_TPM2_HMAC).
• Nonce Length Validation: Validated nonce length against the TPMT_HA size limit before TPM quote requests to prevent tpm2.Quote failures.
• TPM2 ECCPoint Encoding: Fixed an issue with tpm2.ECPoint encoding by ensuring ECC integers are correctly padded to match curve size, preventing errors on TPMs not conforming to spec v1.38 or later.
• AppArmor Profile for vTPM: Fixed an issue where an AppArmor security profile incorrectly blocked the virtual TPM (vTPM) from writing boot variables, causing "DENIED" errors. The profile is now corrected, ensuring that applications relying on vTPM function as expected.

Self-Monitoring, Analysis, and Reporting Technology Metrics

• S.M.A.R.T. Disk Reporting: Enhanced S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) disk reporting: temperature is now converted from Kelvin to Celsius, added missing "temperature sensor" attributes from the NVMe report, and fixed "Unknown attribute" names in the SATA report when possible.
• Threshold Data Display: Properly shows the threshold data of the SMART attributes of storage devices in the ZEDEDA GUI.

Troubleshooting & Local UI (TUI)

• Local UI (TUI) Improvements: IPv6 addresses are correctly supported in the TUI, and manual proxy configuration is now supported.
• Conntrack Table Dump: Added a conntrack table dump to the collect-info bundle.
• Collect-Info Naming Convention: The tar file generated from the collect-info script now contains either the UUID of the device (if onboarded) or the serial of the device (if not onboarded). The new name format is eve-v37-UUID or Serial-DATE.tar.gz.
• Collect-Info Before Watchdog Reboot: Run collect-info before the watchdog reboots the device to capture the state.
• bpftrace Tool: Added the bpftrace tool to check Linux capabilities.

Observability

• Prometheus-Compatible Metrics Collection: Node_exporter has been added as a system service to enable Prometheus-compatible metrics collection. The EVE-OS metadata server, available from inside an application instance, has been enhanced with a /metrics endpoint to retrieve the metrics in your app stack. Scraping requests are rate-limited to one per second for a given source IP, with a burst of up-to 10 per second. These settings are controllable through the msrv.prometheus.metrics EVE-OS settings. 
• Vector: Added Vector as a tool to build dynamic pipelines for internal logs and metrics at the edge.

Networking

• Configurable PDP Settings for LTE: Added support for user-configurable PDP settings for the LTE attach bearer. If modem profiles or the network do not provide correct APN settings, you can now specify attach_* fields inside CellularAccessPoint. Defaults to modem/network configuration if unspecified.
• QMI Firmware Update Utility: Added the qmi-firmware-update utility to the WWAN container in EVE-OS. This allows you to upgrade the firmware of supported cellular modems (those using the QMI interface) directly from the edge node, eliminating the need to install separate tools.
• LLDP Frame Forwarding (LLDP Transparency): Added a  `forward_lldp` option to enable forwarding of LLDP frames through network instances (LLDP transparency). 
• IPv6 Connectivity Handling: Properly handles device IPv6 connectivity, including: 
  • applying IPv6 DNS and NTP servers 
  • correctly validating IPv6 configuration 
  • collecting IPv6 ACL metrics
  • resolving and caching the controller IPv6 address
• VLAN and Switch NI on Same Port: Added support for simultaneous use of a Switch Network Instance (with access/trunk ports) and VLAN sub-interfaces for management or Local NIs on the same physical port.
• Local Profile Server (LPS) Network Endpoint: Added support for the new /api/v1/network Local Profile Server (LPS) endpoint, enabling a local operator to modify a limited set of network attributes for one or more adapters directly on the device. Useful to airgapped use cases. See https://github.com/lf-edge/eve-api/blob/main/PROFILE.md#network 
• Improved WiFi Adapter Handling: Improved WiFi adapter handling by ensuring EVE-OS waits for WLAN rfkill unblock before bringing up the interface. This prevents failures during interface setup  (for example, wlan0 staying down and missing IP) when toggling WiFi between disabled and enabled states.
• Improved handling of device IPv6 connectivity:
  •  apply IPv6 DNS and NTP servers
  •  correctly validate IPv6 configuration
  •  collect IPv6 ACL metrics
  •  resolve and cache controller IPv6 address

Hardware

• Thermal Sensor Support for Intel: Enabled thermal sensor support on Intel platforms (NUC and similar).
• Prioritized Boot from Passthrough USB Devices: Updated the UEFI firmware for Virtual Machines, changing the boot logic to automatically prioritize any attached passthrough USB devices for Edge App VMs. This allows a virtual machine to boot from a USB stick even when the USB stick is connected via a passthrough USB controller with no user-intervention.
• OnLogic FR-201 Serial Number Reporting: OnLogic FR-201 devices are now reporting the hardware serial number (the RPI4 compute module CPU) instead of reporting the serial number printed on the physical box and packaging. EVE-OS will now automatically check for an OTP region first. If populated, EVE-OS will use this serial number for onboarding, ensuring the correct device identity is registered.
• Model Manifest for Modems: USB modems were previously miscategorized during hardware model generation. This update ensures that the edge node correctly recognizes USB modems in the hardware manifest, allowing them to be properly used for cellular connectivity.

Performance

• Edge View Session Stability: Reduced the Edge View keep alive interval to 30 seconds. This update resolves disconnection issues by sending keepalive messages more frequently, which maintains the session and ensures that long tasks can run to completion.
• ZEDEDA Cloud recently introduced an embedded remote access capability. Corresponding EVE-OS Edge View changes have been made to enhance the experience: 
  • changed default collectinfo logs from 10 days to 3 days 
  • added support for output line count in 'flow' and 'dmesg' commands 
  • limited 'traceroute' wait time for each hop to 1 second

Edge Sync

• Air-Gapped Environment Enhancements: Enhanced EVE-OS for usage with Edge-Sync in airgapped environments. Added the ability to reboot a device from Edge Sync and to run collect-info.sh and upload it to a user-specified datastore from Edge Sync.
• Air-Gap Mode for Offline Operation: Added air-gap mode to support offline operation via Edge Sync, with improved connectivity handling and log suppression when the main controller is unreachable.
• Device Name Transmission: Added the ability to send the device name to Edge Sync.
• Device and Project Name Reporting: EVE-OS now reports the device name and project name to the controller. This is relevant for non-cloud use cases such as Edge Sync.

General

• Improved Onboarding Error Messages: Improved onboarding error messages to specify whether the issue is due to a missing device, a device conflict, or to return a generic error if neither applies.
• Updated Azure and AWS SDKs: Updated the vendored lf-edge/eve-libs dependency in EVE-OS to incorporate the latest versions of the Azure and AWS Go SDKs. These updates enhance the functionality and compatibility of application image downloads from both cloud providers.
• Configurable Periodic Message Intervals: Added additional configuration capabilities to control how often EVE-OS sends periodic messages:
  • `timer.deviceinfo.interval` to control how often EVE-OS sends `DeviceInfo` messages even when nothing changed
  • `timer.hardwareinfo.interval` to control how often EVE-OS sends `ZiHardware` messages
  • `timer.ntpsources.interval` and `timer.config.interval` increased max values for parameters 
• Improved Upgrade Reliability: Improved EVE-OS upgrade reliability. This prevents stale checkpoints that could lead to unnecessary downloads or unintended downgrades after a reboot (notably for upgrades initiated via Terraform provider 1.0.6).
• S3-Compatible Object Store Support: You can now use S3-compatible object stores, such as MinIO or Ceph RGW, as datastores for your application images. Previously, the EVE-OS downloader only supported AWS S3. This update extends that capability, allowing you to host application images in private or on-premises storage environments. All existing AWS S3 datastore configurations also continue to work as is.
• Reduced Memory Usage During Heavy Network Activity: Improved EVE-OS memory usage during heavy network activity by offloading trace metadata to disk. EVE-OS now retains only a small, capped window of network metadata in RAM (≈100 MB) and writes the rest to disk, preventing memory growth during large transfers (for example, big file downloads) while still producing the final nettrace report.
• Diagnostic Properties: Remote endpoints used to assess connectivity when the controller is unreachable are now configurable via properties `diag.probe.remote.http.endpoint` and `diag.probe.remote.https.endpoint`. These probes are used only for diagnostics and can be disabled by setting the properties to an empty string.

Documentation in EVE-OS Repo

• Added user-facing documentation for Local Profile Server (LPS).
• Added min & max values in human-readable format to the config params documentation.
• https://github.com/lf-edge/eve/tree/master/docs 

Resolved Issues & Fixes

• Resolved an issue where changes to a content tree (like a URL) were not having an effect on the deployed app image.
• Improved robustness of the certificate fetch trigger logic to avoid potential issues with controller certificate updates.
• Disabled power management for Foxconn Qualcomm Snapdragon X55 5G and Quectel EM160R-GL modems to prevent firmware crashes.
• Resolved an issue with on-demand snapshots, where a rollback didn't automatically trigger an app reboot.
• Previously, the 'ConnectionError' field in the cellular status was empty, even if the modem was actively failing to establish a connection. Now the specific error message is reported when a cellular modem fails to connect. 
• Ensures parent interface is UP before bringing up VLAN subinterfaces. This resolves an issue where all interfaces are VLAN-based, and the parent interface is unused/in l2 mode only. 
• Improved Elliptic Curve Cryptography (ECC) signature serialization in Edge View. This update ensures that digital signatures are handled to make verification more reliable.
• The installer net tarball now includes the ipxe.efi binary. This resolves an issue with the TFTP boot process for installing EVE-OS on ARM64 devices.
• Fixed ICMP cellular probe parsing to correctly handle an unspecified probe host and use the default target (8.8.8.8).
• Resolved a corner case where reporting of current EVE-OS images to the remote controller was incorrect.
• Previously, when you disabled logs for an app instance, the app instance might continue to send logs to ZEDEDA Cloud. This update ensures the "disable logs" command is correctly applied.
• Fixed a boot hang on the Lenovo ThinkStation P3 Tiny Gen 2.
• Fixed an issue introduced in 15.2.0 where EVE-OS was not publishing cellular signal metrics due to incorrect polling interval initialization.
• Fixed a rare panic that could occur if a boot entry contains a URI.
• Fixed incorrect display of WWAN and WLAN networks.
• Improved error messages for LTE attach configuration to provide clearer reasons for connection failures.
• Fixed the issue that caused an endless loop when receiving a 5XX error from the controller.
• Resolved an issue when Edge View is used through HTTP proxy.
• Fixed an issue where custom grub config changes were not being picked up by the installer. 
• Fixed an issue with the net installer. 

EVE-k Current Limitations 

EVE-k currently does not support the following:

• Remote Console with or without Edge View for EVE-k VM access. See Virtual Network Computing for EVE-k Apps  for the workaround. 
• App Snapshots
• OEM Windows license propagation
• CPU Pinning
• vTPM Passthrough
• VMM Overhead Customization
• Hosted EVE-OS Images
• Edge Sync reporting to ZEDEDA Cloud
• Delayed Boot
• EVE-OS instance logs