Valid Update Paths
The following table provides tested paths for updating to the current software/firmware versions.
| Component | Directly from version | To version |
|---|---|---|
| SafeNet Luna HSM Client software | Any | 7.2 |
| SafeNet Luna HSM firmware | 7.0.1, 7.0.2, 7.1.0 | 7.2.0 |
| 7.0.1, 7.0.2 | 7.0.3 | |
| SafeNet Backup HSM firmware | 6.10.9, 6.26.0 | 6.27.0 |
| SafeNet Luna PED firmware | 2.7.1 | N/A |
| 2.8.0 | N/A |
FIPS-Certification Firmware Candidates
Thales has three (3) versions of the SafeNet Luna PCIe HSM firmware currently undergoing FIPS certification review. The following firmware versions are all pending FIPS certification:
>Luna firmware v. 7.0.3 (recommended)
>Luna firmware v. 7.0.2
>Luna firmware v. 7.0.1
Recommended Minimum Versions
Generally, Thales recommends that you always keep your HSM firmware and client software up to date, to benefit from the latest SafeNet features and bug fixes. If regular updates are not possible or convenient, the following table lists the recommended minimum firmware and software versions for use with SafeNet Luna 7 HSMs. If you are running an earlier version, Thales advises upgrading to the version(s) below to ensure that you have critical bug fixes and security updates.
| SafeNet Luna PCIe HSM 7 Minimum Recommended Configuration | Luna HSM Client | Luna HSM Firmware |
|---|---|---|
| 7.2 | 7.2.0 | |
| 7.0.3 |
NOTE Customers who wish to use Luna 7 HSMs with F5 Network BIG-IP 13.1 appliances should follow F5 guidelines for Supported SafeNet client and HSM versions (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/f5-safenet-hsm-version-interoperability-matrix.html). At the time of this release, F5’s supported versions for Luna 7 are Luna HSM Client 7.1 with firmware 7.0.2.
Special Instructions for Installing Firmware 7.0.3 if Your Current Firmware Version is 7.1.0
Firmware 7.0.3 is Thales's latest candidate for FIPS certification. If you are using firmware 7.0.1 or 7.0.2, you can proceed with the standard update procedure. If you previously updated to firmware 7.1.0, and you wish to use firmware 7.0.3, follow this procedure to ensure a successful update.
SafeNet Luna PCIe HSM does not allow you to update the firmware from a higher-numbered to a lower-numbered version. Therefore, if you are currently running firmware 7.1.0, you must first perform a firmware rollback.
CAUTION! Firmware rollback is destructive; earlier firmware versions might have older mechanisms and security vulnerabilities that a new version does not. Back up any important materials before rolling back the firmware. This procedure zeroizes the HSM and all cryptographic objects are erased.
To install firmware 7.0.3 on an HSM running firmware 7.1.0:
1.Check the previous firmware version that is available on the HSM. The firmware available for rollback must be 7.0.1 or 7.0.2.
lunacm:>hsm showinfo
2.Back up any important cryptographic objects currently stored on the HSM
3.Log in as HSM SO.
lunacm:>role login -name so
4.Perform a firmware rollback.
lunacm:>hsm rollbackfw
LunaCM performs an automatic restart following the rollback procedure.
5.Initialize the HSM and log in as HSM SO.
6.Install the SafeNet Luna HSM firmware 7.0.3 as described Updating the SafeNet Luna PCIe HSM or SafeNet Luna Backup HSM Firmware.
7.Recreate your application partition and restore the contents from backup
