Home > |
---|
This section discusses installable modifications that many customers would make before placing their Luna HSM into service.
The HSM firmware determines the operation and features of the HSM. Newer firmware versions are constantly in development, to implement fixes, to add new functionality, or to adapt to evolving standards and certifications. As firmware versions are tested and released, they are made available to SafeNet customers. However, the newest version is rarely the version that is installed at the factory.
The United States National Institute of Standards and Technology's FIPS (Federal Information Processing Standard) 140-2 is a widely respected standard in the cryptographic industry. Many customers are required by their industry or market or auditing agency to use only FIPS-validated HSMs. Luna HSMs are routinely submitted to validation laboratories to be validated against the standard. For an HSM that has previously been validated, new submissions are made for re-validation when the device firmware has substantially changed.
New Luna HSMs are shipped from the factory with the most recent FIPS-validated firmware version installed. This is for the benefit of customers who are required to use only FIPS-validated HSMs in their operations. Because validation updates can take a year or more, there are always versions of firmware newer than the validated version. The newest, for the current release, is shipped with the HSM, ready to install, or can be downloaded from SafeNet, if the customer wishes to apply the latest fixes and features, and is not constrained to use only FIPS-validated HSMs.
The latest (at the time) firmware might also be an in-progress validation candidate, and so is ready for FIPS-requiring customers to install, as soon as the updated validation certificate is released.
Updating the HSM firmware is as simple as:
•having the Firmware Update File in place on the host,
•logging into the HSM, and
•issuing an update command (with an authentication code that you received from SafeNet).
Firmware updates can be reversed by a rollback command that returns the HSM to the previously-installed version. You might, for example, choose to perform firmware rollback in a test laboratory after evaluating the newer firmware for your needs.
Capability upgrades are additional sets of optional enhancements that can be purchased and applied to Luna HSMs. For example, a capability upgrade might add cryptographic algorithms/mechanisms that were not part of the base HSM, or might add the ability to use small form-factor backup devices.
The process is similar to a firmware update:
•acquiring the capability upgrade package from SafeNet,
•placing it on the host computer with the HSM
•logging into the HSM
•running an update command (with an authentication code that you received from SafeNet).