This page describes configuration upgrades, how they work and interact, etc.
For instructions to apply a Configuration Upgrade to your HSM, see Apply a Capability Upgrade/Update to HSM.
SafeNet offers advanced configuration upgrades for its HSM products, some examples of which are listed in the following tables.
SafeNet delivers advanced configuration upgrades for SafeNet Network HSM as a secure package update. Follow the steps of Apply a Capability Upgrade/Update to HSM to apply the update. These updates are sometimes referred to as CUFs, but that term applies to the USB HSM and the PCIe HSM; for the Network HSM, CUFs must be packaged as secure packages in order for the appliance to recognize and handle them properly.
For SafeNet PCIe HSM and SafeNet USB HSM, you receive a firmware update file (FUF) or a capability update file (CUF).
Note: This is not necessarily a complete list; please check with your sales representative for the full list.
Note: Part numbers shown here are for field upgrades. The same upgrades are often available for factory installation when you purchase a new SafeNet HSM product. Those have different part numbers (ask your sales representative). Not all field upgrades have an equivalent factory-applied version, because we ship HSMs with the most recent FIPS-validated firmware version, and some newer upgrades might require more recent firmware, so they cannot be installed at the factory.
Configuration upgrade | Part number |
---|---|
Maximum memory | 908-000086-001 |
Korean algorithms | 908-000139-002 |
ECIES acceleration | 908-000175-001 |
5 partitions | 908-000201-001 |
10 partitions | 908-000202-001 |
15 partitions | 908-000203-001 |
20 partitions | 908-000204-001 |
35 partitions | 908-000379-001 |
50 partitions | 908-000235-001 |
75 partitions | 908-000280-001 |
100 partitions | 908-000232-001 |
Enable Small Form-factor Backup (SA) | 908-000220-001 |
Enable Per-Partition Security Officer (PPSO) | 908-000263-001 |
Note: Increasing the number of partitions is not destructive; it does not erase existing partitions and objects. However, simply increasing the number of partition licenses does not increase memory. Depending on the size of the original partitions (did you re-size them to use large amounts of memory, or "all available memory"?), you might need to resize the existing partitions to make room for the additional partitions. If a partition is occupied when it is to be resized, you might need to move some objects before resizing.
Note: You can apply 100 partitions without also upgrading to Maximum Memory, but this leaves very little memory for each partition. Usefulness depends upon your application, and the sizes of keys and objects that you would store in each partition.
Also, if you are using STC, then that requires 2 KB of partition space for each STC client that is registered to a given partition.
Note: If you are both
- upgrading from an earlier firmware version to HSM firmware 6.22.0 (or newer)
AND
- applying the Per-Partition SO (PPSO) capability update,
be aware that the PPSO capability update is destructive. Therefore, there is no need to re-size partitions.
Instead, to avoid unnecessary duplication of effort, you should
- safeguard (archive) any existing partition contents,
- then zeroize the HSM for a clean update,
- then perform both the firmware AND capability updates,
- and finally restore to new partitions.
Configuration upgrade | Part number |
---|---|
Korean algorithms | 908-000138-002 |
ECIES acceleration | 908-000177-001 |
Enable Small Form-factor Backup (PCIe) | 908-000223-001 |
Configuration upgrade | Part number |
---|---|
Korean algorithms | 908-000156-002 |
ECIES acceleration | 908-000179-001 |
Configuration upgrade | Part number |
---|---|
5 partitions | 908-000083-001 |
10 partitions | 908-000287-001 |
20 partitions | 908-000085-001 |
35 partitions | 908-000281-001 |
50 partitions | 908-000282-001 |
75 partitions | 908-000283-001 |
100 partitions | 908-000284-001 |
Note: SafeNet Remote Backup HSM comes with maximum memory and does not require a separate memory upgrade for larger numbers of partitions.
SafeNet offers ECIES support via a client-library shim. With the shim, ECIES 386-bit performance is approximately 40 operations per second. The ECIES acceleration configuration upgrade improves performance. This upgrade provides an approximately 5x performance increase compared to using the shim. If you choose to apply and use the configuration upgrade, you must remove the shim from your system configuration for the upgrade to have effect: shim use overrides acceleration.
Applying the ECIES advanced configuration upgrade is a destructive operation: objects already created on the HSM are destroyed. Therefore, you should apply this update when you first configure your HSM, before putting it into production (alternatively, you can back up any important objects and restore them onto the HSM after the upgrade).
Note: The full ECIES suite of mechanisms is not approved by NIST (that is, not all are FIPS 140-2 algorithms). Applying EITHER the ECIES shim OR this configuration upgrade option means that you can use all the available ECIES mechanisms when the HSM is not in the FIPS 140-2 mode of operation; however if FIPS 140-2 mode is asserted then some ECIES mechanisms are blocked.
When it became possible to roll HSM firmware updates back to an earlier version, some additional concerns became evident. The order in which you perform some activities becomes important.
An HSM that receives a firmware update arrives at that condition with any capabilities/features that were part of the HSM before the update was installed. The pre-update record of <firmware version+configuration> is set. If you roll back, you roll back to exactly the state that was recorded prior to the update. All the same capabilities/features would be available, because they were present before the firmware update.
Any capability that you added after a firmware update would be lost if you then rolled back the firmware, because the pre-update record of <firmware version+configuration> did not include any capability that you added only post-update. In that case:
- If the late-installed capability is not dependent on the newer firmware, then you can simply install it again, on the HSM at the rolled-back firmware version, and it will become part of the pre-update record the next time you update firmware.
- If the late-installed capability is dependent on the newer firmware, then you must do without that feature/capability until you once more update to a firmware version that can support it. At that time, you will need to re-install that capability upgrade.
The following table summarizes the options comparatively.
Example | Start with this | If you do this... | Result is this | If you next do this... | Result is this | If you next do this... | Result is this | If you next do this... | Result is this |
---|---|---|---|---|---|---|---|---|---|
Example 1 (Read across ==>) | f/w X and Capabilities | Update to f/w Y | f/w Y and Capabilities | Roll back to f/w X | f/w X and Capabilities | | | | |
Example 2 (Read across ==>) | f/w X and Capabilities | Add Capability D (no dependency) | f/w X and Capabilities | Update to f/w Y | f/w Y and Capabilities | Roll back to f/w X | f/w X and Capabilities | | |
Example 3 (Read across ==>) | f/w X and Capabilities | Update to f/w Y | f/w Y and Capabilities | Add Capability D (no dependency) | f/w Y and Capabilities | Roll back to f/w X | f/w X and Capabilities | | |
Example 4 (Read across ==>) | f/w X and Capabilities | Capability E depends on f/w Y; Attempt to add Capability E fails | f/w X and Capabilities | Update to f/w Y | f/w Y and Capabilities | Add Capability E (depends on f/w Y) | f/w Y and Capabilities | Roll back to f/w X | f/w X and Capabilities |

In Example 1, above, no capabilities change; only the firmware version.
In Example 2, above, D is added before firmware update; therefore the pre-update record includes capability D, so D survives firmware update and firmware rollback.
In Example 3, above, D is added after firmware update, the pre-update record does not include capability D, so D does not survive firmware rollback.
In Example 4, above, the pre-update record does not include capability E, so E does not survive firmware rollback.
We advise you to retain a copy of any in-field configuration upgrades.
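The update and rollback rules above can be checked with a small model that replays Examples 2 to 4 and reports which lost capabilities can be re-installed immediately and which must wait for newer firmware. This is an added illustration, not SafeNet code or an HSM interface: the class and method names, the version tuples standing in for f/w X and f/w Y, the starting capabilities A and B, and the choice that a rollback consumes the record are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

X, Y = (1, 0), (2, 0)   # constructed stand-ins for the page's "f/w X" and "f/w Y"
BASE = {"A", "B"}       # constructed starting capabilities

@dataclass
class HsmModel:
    firmware: tuple = X
    capabilities: set = field(default_factory=lambda: set(BASE))
    min_fw: dict = field(default_factory=dict)  # capability -> minimum firmware it needs
    record: Optional[tuple] = None              # pre-update <firmware version+configuration>

    def add_capability(self, name, needs=None):
        """Install a capability; refuse it if the running firmware is too old."""
        if needs is not None and self.firmware < needs:
            return False
        self.capabilities.add(name)
        self.min_fw[name] = needs or (0,)
        return True

    def update_firmware(self, version):
        """Snapshot the current state as the pre-update record, then update."""
        self.record = (self.firmware, frozenset(self.capabilities))
        self.firmware = version

    def rollback(self):
        """Restore the recorded state and sort what was lost into the two cases."""
        if self.record is None:
            raise RuntimeError("no pre-update record")
        fw, caps = self.record
        lost = self.capabilities - caps
        # Assumption: the record is consumed by the rollback.
        self.firmware, self.capabilities, self.record = fw, set(caps), None
        now = sorted(c for c in lost if self.min_fw.get(c, (0,)) <= fw)
        return {"reinstall_now": now, "needs_newer_fw": sorted(lost - set(now))}

def example(steps):
    """Run a list of (method, *args) steps; return (final capabilities, rollback report)."""
    hsm, report = HsmModel(), None
    for method, *args in steps:
        out = getattr(hsm, method)(*args)
        report = out if method == "rollback" else report
    return sorted(hsm.capabilities), report

EX2 = example([("add_capability", "D"), ("update_firmware", Y), ("rollback",)])
EX3 = example([("update_firmware", Y), ("add_capability", "D"), ("rollback",)])
EX4 = example([("add_capability", "E", Y), ("update_firmware", Y),
               ("add_capability", "E", Y), ("rollback",)])
```

The `reinstall_now` and `needs_newer_fw` lists correspond to the two bullet cases above, and are the capability packages you would need to have retained.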