Rolling Back the SafeNet Luna HSM Firmware
When updating the HSM firmware, the SafeNet Luna PCIe HSM saves the previously-installed firmware version on the HSM. If required, you can roll back to this previously-installed version. Rollback allows you to try firmware without permanently committing to the new version.
Rollback does not create a new rollback target; a single rollback target is preserved when a firmware update is performed. After a rollback operation, no further rollback is possible until the next firmware update saves the pre-update version as the new rollback target.
CAUTION! Firmware rollback is destructive; earlier firmware versions might have older mechanisms and security vulnerabilities that a new version does not. Back up any important materials before rolling back the firmware. This procedure zeroizes the HSM and all cryptographic objects are erased.
CAUTION! Update any factory-fresh Network HSM to newer firmware before rolling back. The firmware rollback feature is intended to return the firmware to the previously installed version. Attempting a firmware rollback on a new appliance received directly from the Gemalto factory can result in RMA (return of your HSM to Gemalto).
To roll back the SafeNet Luna HSM firmware to the previous version:
1. Check the previous firmware version that is available on the HSM.
lunacm:>hsm showinfo
2. Back up any important cryptographic objects currently stored on the HSM.
3. At the
lunacm:>role login -name so
4. Roll back the HSM firmware.
lunacm:>hsm rollbackfw
LunaCM performs an automatic restart following the rollback procedure.
5. Re-initialize the HSM and restore your partition from backup.
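A pre-rollback gate for the checks in steps 1 and 2, added here as an example (it is not Gemalto tooling): it reads saved `hsm showinfo` text and refuses to proceed unless a rollback target is stored and a backup has been confirmed. The `Firmware Version` and `Rollback Firmware Version` labels, the function names and the sample captures are assumptions; match them to your own output.

```shell
#!/bin/sh
# Pre-rollback gate over saved `hsm showinfo` text (added example).
# Assumption: the output carries "Firmware Version -> X" and
# "Rollback Firmware Version -> Y" lines; adjust the labels to your capture.

# field LABEL: print the value of the first "LABEL -> value" line on stdin.
field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*->[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# rollback_preflight BACKUP_DONE(yes|no) < showinfo-capture
# 0 = safe to proceed, 1 = unparseable capture, 2 = no rollback target,
# 3 = backup not confirmed (rollback zeroizes the HSM).
rollback_preflight() {
    backup_done=$1
    info=$(cat)
    current=$(printf '%s\n' "$info" | field 'Firmware Version')
    target=$(printf '%s\n' "$info" | field 'Rollback Firmware Version')
    case $current in
        ''|*[!0-9.]*) echo "cannot read running firmware version"; return 1 ;;
    esac
    # After a rollback no target remains until the next firmware update.
    case $target in
        ''|*[!0-9.]*) echo "no rollback target stored (got: ${target:-none})"; return 2 ;;
    esac
    echo "rollback would replace firmware $current with $target"
    [ "$backup_done" = yes ] || {
        echo "backup not confirmed; rollback erases all objects"; return 3; }
    echo "preflight ok: log in as SO, then run hsm rollbackfw"
}

# Constructed sample captures (not real device output).
sample_with_target() {
    printf '%s\n' '  Partition Name -> example' \
        '  Firmware Version -> 2.0.0' \
        '  Rollback Firmware Version -> 1.9.0'
}
sample_without_target() {
    printf '%s\n' '  Firmware Version -> 1.9.0' \
        '  Rollback Firmware Version -> Not Available'
}

sample_with_target | rollback_preflight yes
sample_without_target | rollback_preflight yes || echo "exit code $?"
```

Recording the reported rollback version alongside the backup confirmation also gives you the firmware level to review for known weaknesses before committing to the downgrade.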