Replacing the Luna PCIe HSM Battery
The Luna PCIe HSM uses a 3.6V non-rechargeable lithium battery to provide backup power to its memory. This enables the HSM to preserve cryptographic material even when the host system loses power. The battery may need replacement over the course of the HSM's lifetime. To see if your battery needs to be replaced, run hsm envshow in LunaCM. A warning is returned if the battery's voltage drops below 2.75 V.
TIP - WHICH BATTERY-RELATED VOLTAGE IS RELEVANT?
As supplied by the vendor, and when originally installed in the Luna PCIe HSM, the battery produced 3.6 volts.
A voltage regulator, in the HSM card, adjusts that nominal voltage to a value that is suitable for the tamper circuit.
NOTE The software reports the regulated voltage value, not the nominal, unloaded value, measured before the regulator.
Therefore, a value of 3.1 volts, measured at the battery terminals in isolation with a voltmeter, relates to a regulated value of 2.75 volts, measured by software via the circuit board, indicating a battery at the end of its useful life and in need of replacement.
To proceed with replacement,
•ensure that the temporary battery has a directly measured voltage higher than 3.1 volts, and
•for best result and battery life, ensure that the replacement battery has an unloaded, directly measured voltage near 3.6 volts.
CAUTION! Unless temporary battery power is supplied to the HSM while the main battery is replaced, all cryptographic material will be erased. Use the Luna PCIe HSM Temporary Battery Holder to ensure a continuous power supply.
Required Items
To replace the battery, you will need the following items. Battery manufacturer information is suggested.
| Qty | Item | Description/Specifications | Manufacturer | Part Number |
|---|---|---|---|---|
| 1 | Luna PCIe HSM replacement battery | 2/3AA, 3.6V, 1650 mAh, Li-COCl2, length 33.5 mm, diameter 14.55 mm | OmniCel | ER14335/S |
| Xeno Energy | XL-055F | |||
| 1 | Temporary Battery Holder |
Used with a temporary battery to maintain power to the Luna PCIe HSM during the replacement process. Can be requested from Thales.
|
Thales | 908-000408-001 |
| 1 | Temporary Battery | AA, 3.6V, 1650 mAh, Li-COCl2, length 50.3 mm, diameter 14.55 mm | Saft | LS14500-AA |
Instructions
CAUTION! Back up any important cryptographic material on the HSM before proceeding. Removing the card from the host system will cause a tamper event. If HSM policy 40: Decommission on Tamper is enabled, the application partition and all roles are destroyed, and you must reconfigure the HSM after this procedure.
Prerequisites
To replace the battery, you must first remove the Luna PCIe HSM card from the host system.
CAUTION! This product uses semiconductors that can be damaged by electro-static discharge (ESD). When handling the device, avoid contact with exposed components, and always use an anti-static wrist strap connected to an earth ground. In rare cases, ESD can trigger a tamper or decommission event on the HSM. If this happens, all existing roles and cryptographic objects are deleted.
1.Test the temporary and replacement batteries with a voltmeter or multimeter. If either battery's voltage is below 3.1 V, it is depleted and must be replaced.
CAUTION! You must use the temporary battery specified in Required Items. Standard AA voltage is too low to power the Luna PCIe HSM.
2.[Optional] If the card will not be in your possession the entire time it is out of service, you can enable Secure Transport Mode
3.Power off the host machine and disconnect it from power.
4.Use an anti-static wrist strap (provided with your Luna PCIe HSM) to ground yourself to an exposed metal part of the computer chassis.
5.Remove the Luna PCIe HSM from its PCIe slot.
Replacing the Luna PCIe HSM Battery
To maintain HSM power, you must connect a temporary battery while replacing the main battery.
To replace the Luna PCIe HSM battery:
1.Install the temporary battery in the temporary battery replacement holder.
2.Install the 2-pin plug from the battery holder onto the 2-pin header marked P8 on the Luna PCIe HSM card.
NOTE The polarity on the P8 header is not reversible. The jumper will only fit onto the header in the correct direction.
The Luna PCIe HSM card's green D4 LED is illuminated. This indicates that the card is receiving power from the temporary battery. If the LED appears dim, ensure that the temporary battery's voltage is greater than 3.1 V.
3.If necessary, remove the screw securing the battery cover.
4.Replace the 2/3AA battery on the card. Note the correct polarity.
5.Replace the battery cover and secure it with the screw.
6.Remove the jumper from the P8 header to disconnect the temporary power.
7.Reinstall the Luna PCIe HSM card.
8.Dispose of the depleted battery according to regional recycling regulations.
