Rolling Back the SafeNet Luna HSM Firmware

When updating the HSM firmware, the SafeNet Luna Network HSM saves the previously-installed firmware version on the HSM. If required, you can roll back to this previously-installed version. Rollback allows you to try firmware without permanently committing to the new version.

Rollback does not create a new rollback target; a single rollback target is preserved when a firmware update is performed. After a rollback operation, no further rollback is possible until the next firmware update saves the pre-update version as the new rollback target.

CAUTION!   Firmware rollback is destructive; earlier firmware versions might have older mechanisms and security vulnerabilities that a new version does not. Back up any important materials before rolling back the firmware. This procedure zeroizes the HSM and all cryptographic objects are erased.

CAUTION!   Update any factory-fresh Network HSM to newer firmware before rolling back. The firmware rollback feature is intended to return the firmware to the previously installed version. Attempting a firmware rollback on a new appliance received directly from the Gemalto factory can result in RMA (return of product), as the pre-shipment firmware is a factory-test version that does not accept your credentials.

To roll back the SafeNet Luna HSM firmware to the previous version

1. Check the previous firmware version that is available on the HSM (hsm firmware show).

lunash:>hsm firmware show

2. Back up any important cryptographic objects currently stored on the HSM (see Backup and Restore HSMs and Partitions).

3. At the LunaSH prompt, log in as HSM SO (hsm login).

lunash:>hsm login

4. Roll back the HSM firmware (hsm firmware rollback).

lunash:>hsm firmware rollback

5. Re-initialize the HSM and restore your partition(s) from backup.