|
Home > |
|---|
Rollback the HSM firmware to the previously installed version. Only the previously installed version is available for rollback. Rollback allows you to try a new firmware version (hsm updatefw) without permanently committing to the new version.
Note: For PED-authenticated HSMs, you must disable SRK before you can update the firmware. Use the srk show command to determine whether SRK is enabled on your HSM. If it is, the first line of the output of the srk show command reads Secure Transport Functionality is supported and enabled. If this is the case, run the srk disable command to disable SRK on the HSM. You must have the appropriate purple PED Key to disable SRK. If you attempt to update the firmware update while SRK is enabled, the system responds with an error: 0x80000030 (CKR_OPERATION_NOT_ALLOWED).
Note: LunaCM performs an automatic restart following a firmware rollback.
Note: You must re-initialize the HSM after rolling back the firmware rollback. since re-initialization is a destructive action, ensure that you back up any important materials before running this command.
Note: The lunacm hsm commands appear only when the current slot selected in lunacm is for a locally-installed HSM, such as a SafeNet PCIe HSM or SafeNet USB HSM. When lunacm is directed at a slot corresponding to a remote SafeNet Network HSM, the HSM-level commands do not appear, since lunacm has a client-only connection to a remote HSM and therefore cannot log in as SO to a remote HSM. To access HSM commands on the SafeNet Network HSM appliance, you must use the Luna Shell (lunash).
hsm rollbackfw
lunacm:> hsm login
Please attend to the PED.
Command Result : No Error
lunacm:> hsm rollbackFW
You are about to rollback the firmware.
The HSM will be reset.
Are you sure you wish to continue?
Type 'proceed' to continue, or 'quit' to quit now -> proceed
Rolling back firmware. This may take several minutes.
Firmware rollback passed. Resetting HSM
Command Result : No Error