This page covers updating (not upgrading) of your Luna SA.
Your Luna SA system consists of components that might, from time to time, require updating to newer versions. The newer version might have fixes or functional improvements that are useful or important for your application. The components that might be affected are:
HOW FIRMWARE
UPDATES AFFECT AGENCY VALIDATION
In the case of FIPS 140, cryptographic devices are evaluated as a combination of hardware and firmware. Therefore, if either of those elements changes, the device is no longer covered by the current validation certificate.
If you require that equipment used in your application be (for example) FIPS 140-2 level 3 validated, you can use the most recent of our relevant HSM products that has been validated - which applies to a specific hardware and firmware combination.
If we release a newer version of firmware, your own security or compliance policies would not permit you to install that update until we have submitted the updated HSM for [re-] evaluation, and a new validation certificate has been issued.
As a general rule (exceptions are possible) we submit HSMs with new firmware versions. If the changes are small or do not affect areas that concern the FIPS evaluators, then the re-evaluation is performed on a delta basis and therefore occurs relatively quickly.
For a completely new product or major revision, the evaluators require a complete re-submission and the process takes roughly a year from submission to certificate.
Therefore, when a FIPS-candidate firmware version exists, our practice is to ship the respective HSM product with the most recent FIPS-validated firmware version installed, and with the candidate version as a standby update file (on the appliance, ready to install, but not yet installed). This ensures that customers who require validated systems continue to get them, and that customers who do not require validated systems are able to easily and quickly apply the update if they choose to do so.
The obvious trade-off is that customers who elect to remain with the as-shipped installed firmware version are maintaining the FIPS compliance at the cost of any upgraded capabilities or any security or functional fixes that are part of the firmware update.
Similarly, customers who choose to perform the update benefit from the improved capabilities and any security or functional fixes, but at the cost of moving out of FIPS compliance.
To update the software on a Client, you simply remove the older version and Install the newer, using the same procedure (for your operating system) that you used for the original software installation. That applies to Luna SA Client software itself, as well as to the SDK material.
To update system software and firmware, you must move the updates, in the form of update package files, to Luna SA and apply them. Updates are accompanied by an update . The update sheet provides detailed update instructions for each component. System and firmware updates require an authentication code, which is provided in a text file accompanying the update package.
The basic steps are:
Follow these steps to update your HSM firmware to 6.v.w.
It is strongly recommended that your Luna SA be connected to an Un-interruptible Power Supply (UPS) when you run firmware update. There is a small chance that a power failure during the update command could leave Luna SA in an unrecoverable condition.
For PED-authenticated Luna HSMs, ensure that SRK (the use of the purple PED Key) is disabled (bring the external portion of the MTK back into the HSM) before you begin the firmware update operation. This requires that you present the currently valid purple PED Key when you issue the hsm srk disable command.
If you run hsm update firmware while SRK is enabled (a portion of the MTK is outside the HSM, on a purple PED Key) you can expect an error like:
Error: 'hsm update firmware' failed. (10A0B : LUNA_RET_OPERATION_RESTRICTED)
If you have had SRK enabled and a valid purple PED Key, you can always perform hsm srk enable again after the firmware update operation, and resume with a new external secure recovery vector (SRV) imprinted onto a new purple PED Key (SRK).
A capability update or a firmware update is meant to be applied just one time to an HSM. If you attempt to re-apply a capability update to an HSM that already has the capability installed, the system throws an error like " C0000002 : RC_GENERAL_ERROR ". A similar result occurs if you attempt to install a particular firmware update more than once on one HSM. This is expected behavior.
For information and instructions regarding purchased Capability Updates, "Luna HSM Capability Updates".