Rolling Back the SafeNet Luna HSM Firmware

When updating the HSM firmware, the SafeNet Luna PCIe HSM saves the previously-installed firmware version on the HSM. If required, you can roll back to this previously-installed version. Rollback allows you to try firmware without permanently committing to the new version.

Rollback does not create a new rollback target; a single rollback target is preserved when a firmware update is performed. After a rollback operation, no further rollback is possible until the next firmware update saves the pre-update version as the new rollback target.

CAUTION! Firmware rollback is destructive; earlier firmware versions might have older mechanisms and security vulnerabilities that a new version does not. Back up any important materials before rolling back the firmware. This procedure zeroizes the HSM and all cryptographic objects are erased.

NOTE: Firmware rollback is not supported on HSMs that use Functionality Modules. If you have ever enabled HSM policy 50: Allow Functionality Modules, even if the policy is currently disabled, you cannot roll back the HSM firmware. See FM Deployment Constraints for details.

To roll back the SafeNet Luna HSM firmware to the previous version

1. Check the previous firmware version that is available on the HSM.

lunacm:> hsm showinfo

2. Back up any important cryptographic objects currently stored on the HSM (see Backup and Restore).

3. At the LunaCM prompt, log in as HSM SO.

lunacm:> role login -name so

4. Roll back the HSM firmware.

lunacm:> hsm rollbackfw

LunaCM performs an automatic restart following the rollback procedure.

5. Re-initialize the HSM and restore your partition from backup.