|
Home > |
|---|
This command rolls back (downgrades) the HSM firmware to the previously installed version. You do not need to obtain the previously installed version - it was automatically saved to a special rollback holding area when you used the command "hsm firmware upgrade ".
Note: This command is intended primarily for SafeNet internal use (for example, for automated testing). It is recommended that you use this command only when instructed to do so by SafeNet technical support. The HSM capabilities and performance following a firmware rollback are uncertain.
CAUTION: This command is considered destructive, because an earlier firmware version can have fewer or older mechanisms and might have security vulnerabilities that a newer version does not. Therefore, the HSM requires that the SO be logged in to perform the hsm firmware rollback operation.
After rollback is complete, the command "hsm show" indicates that you cannot rollback from the rolled-back firmware.
If you wish to reassert the newer firmware that was in the HSM before you rolled back, then use command "hsm firmware upgrade ", to [re-]upgrade to the newer firmware version. That version remains on standby in the appliance, so there is no need to re-upload or to re-install appliance software.
hsm firmware rollback [password] <password>
|
Parameter |
Shortcut |
Description |
|---|---|---|
| -force | -f |
Force the action |
The following example show the HSM configuration before and after the firmware rollback.
[local_host] lunash:>hsm show Appliance Details: ================== Software Version: 5.4.0-5 HSM Details: ============ HSM Label: mysa5 Serial #: 700022 Firmware: 6.21.0 Rollback Version: 6.20.0 Hardware Model: Luna K6 Authentication Method: PED keys HSM Admin login status: Not Logged In HSM Admin login attempts left: 3 before HSM zeroization! RPV Initialized: Yes Audit Role Initialized: No Remote Login Initialized: No Manually Zeroized: No Partitions created on HSM: ========================== .... (snip)... Command Result : 0 (Success) lunash:> [local_host] lunash:>hsm firmware rollback WARNING: This operation will rollback your HSM to the previous firmware version !!! (1) This is a destructive operation. (2) You will lose all your partitions. (3) You may lose some capabilities. (4) You may have to re-initialize the HSM. Type 'proceed' to continue, or 'quit' to quit now. > proceed Proceeding... Rolling back firmware. This may take several minutes. Command Result : 0 (Success) [local_host] lunash:>hsm show Appliance Details: ================== Software Version: 5.4.0-5 HSM Details: ============ HSM Label: mysa5 Serial #: 700022 Firmware: 6.20.0 Rollback Version: Cannot Rollback! <<======= Hardware Model: Luna K6 Authentication Method: PED keys HSM Admin login status: Not Logged In HSM Admin login attempts left: 3 before HSM zeroization! RPV Initialized: Yes Audit Role Initialized: No Remote Login Initialized: No Manually Zeroized: No Partitions created on HSM: ==========================
.... (snip)... Command Result : 0 (Success)