Customer Release Notes
The customer release notes (CRN) provide important release-specific information. Read the CRN to fully understand the capabilities, limitations, and known issues for each release. The CRN is organized by release component as indicated below.
NOTE Information from all previously-distributed PDF versions of the Luna 7 CRN has been consolidated here.
>Luna Appliance Software Releases
>Luna Backup HSM 7 Firmware Releases
>Luna Backup HSM G5 Firmware Releases
The CRN also contains
>Version Dependencies by Feature
General Version Compatibility Recommendations
Generally, different combinations of Luna HSM firmware
| Luna HSM Firmware | Luna Appliance Software | Luna HSM Client |
|---|---|---|
| 6.2.1 and newer | 6.3.0 | 10.1.0 and newer |
| 7.0.1, 7.0.2, 7.0.3, 7.2.0, 7.3.0, 7.3.3 | 7.0.0 and newer | 10.1.0 and newer |
| 7.4.0, 7.4.2 | 7.4.0 and newer | 10.1.0 and newer |
| 7.7.0, 7.7.1, 7.7.2, 7.8.x | 7.7.0 and newer | 10.3.0 and newer |
Luna Appliance Software Releases
The Luna Appliance Software is a hardened Linux-based operating system that allows you to securely configure and maintain the appliance and the Luna HSM it contains. It is provided as a secure package file (.spkg) that may also include a Luna HSM firmware update. The following updates have been released since
>Luna Appliance Software 7.8.5
>Luna Appliance Software 7.8.4
>Luna Appliance Software 7.8.3
>Luna Appliance Software 7.8.1
>Luna Appliance Software 7.8.0
>Luna Appliance Software 7.7.1
>Luna Appliance Software 7.7.0
>Luna Appliance Software 7.4.0
>Luna Appliance Software 7.3.3
>Luna Appliance Software 7.3.1
>Luna Appliance Software 7.3.0
>Luna Appliance Software 7.2.0
>Luna Appliance Software 7.1.0
>Luna Appliance Software 7.0.0
NOTE About Luna Appliance Software Version Numbering
Extracted Luna Appliance Software spkg version numbers have the following format: lunasa_update-<Major>.<Minor>.<Patch>-<BuildNumber>.spkg
>Major: Always 7, indicating that it is to be installed on Luna Network HSM 7 and not an older Luna appliance version
>Minor: Updated for significant new functionality features
>Patch: Updated for bug fixes and minor functionality changes
>BuildNumber: Indicates the internal software build that was released. Only one build is released for general availability. The build number is not included in the downloaded software package, but it can be seen in the LunaSH banner and the output of lunash:> hsm show.
Occasionally, a patched version of a generally available Luna Appliance Software version may be released for a specific customer; these customer patches may have the same Major-Minor-Patch number as the generally available release, with a different build number.
Luna Appliance Software Patches
Thales has also released the following patch updates for general availability:
>Re-Image Software 7.7.1 and Firmware 7.3.3 Patch
>Luna Network HSM 7 Reboot Patch
Luna HSM Firmware Releases
The Luna HSM firmware is installed on the Luna HSM adapter/cryptographic-module, either inside a Luna Network HSM 7 appliance or an installed Luna PCIe HSM 7. It controls all cryptographic operations and key storage on the HSM hardware. In the case of Luna Network HSM 7, it is provided in a secure package file (.spkg) along with the appliance software. For Luna PCIe HSM 7, it is provided as a standalone secure update file (.fuf).
The following updates have been released since
The latest Luna HSM firmware is submitted for certification by various governing bodies, to ensure that your deployment is compliant. These certifications take time, so the most recent recommended certified firmware versions are listed below.
NOTE About Luna HSM 7 Firmware Version Numbering
Usually, Luna HSM 7 firmware is included with the Luna Appliance Software package. After the firmware is installed, it is visible in the output for lunash:> hsm show in the following format:
Firmware: <Major>.<Minor>.<Patch>
>Major: Always 7, indicating the version of the Luna HSM hardware
>Minor: Updated for significant new functionality features
>Patch: Updated for bug fixes and minor functionality changes
The RC# build number that is visible in firmware update files for Luna PCIe HSM 7 is not visible in LunaSH. Only one build is released for general availability.
Luna HSM Firmware Patches
Thales has also released the following patch updates for general availability:
>Luna HSM Bootloader 1.1.5 Patch
FIPS 140-3 Level 3 Certified Luna HSM Firmware Versions
The following Luna HSM firmware versions are FIPS 140-3 Level 3 certified per certificate #4684:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4684
>Luna HSM Firmware 7.8.4 (recommended)
FIPS 140-2 Level 3 Certified Luna HSM Firmware Versions
The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #4090:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090
The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #3205:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3205
Common Criteria Certified Firmware
The most recent firmware version certified under the Common Criteria standard is Luna HSM Firmware 7.7.1, with Luna HSM Bootloader 1.1.5 Patch. The certificates are posted here:
>https://www.commoncriteriaportal.org/files/epfiles/CC-20-195307.pdf
>CC Certificate -- Thales Luna K7 HSM
eIDAS Certified Firmware
TheLuna HSM Firmware 7.7.0 release is certified under the eIDAS standard and the certificate is posted here:
Luna HSM Client Releases
The Luna HSM Client software is installed on any computer that runs applications that use Luna HSM(s). It includes utilities for accessing and configuring HSM partitions, and for performing cryptographic operations. The client includes the Luna Software Development Kit for developing your applications, and the Luna FM Development Kit for developing Functionality Modules. Since the release of Luna HSM Client 10.2.0 (Luna Universal Client), all versions of the client software allow you to manage and access Luna Cloud HSM services alongside your on-premises Luna HSMs. See Updating the Luna HSM Client Software and Luna HSM Client Software Installation for installation instructions, and refer to the OS compatibility for your desired client version below:
NOTE About Luna HSM Client Version Numbering
Luna HSM Client version numbers use the format <Major>.<Minor>.<Patch>-<BuildNumber>. This version number is visible in the banner of all client utilities. The version is updated on all utilities in a client release even if no changes have been made to that utility since the previous version.
>Major: Either 7 or 10:
•7: Released before Luna Cloud HSM support
•10: Includes Luna Cloud HSM support
>Minor: Updated for significant new functionality features
>Patch: Updated for bug fixes and minor functionality changes
>BuildNumber: Indicates the internal software build that was released. Only one build is released for general availability. The build number is visible only in utility banners after client installation.
Luna HSM Client Software Patches
Thales has also released the following patch updates for general availability:
>CMU Patch to Allow Crypto User Login
Luna Backup HSM 7 Firmware Releases
The Luna Backup HSM 7 is a full-featured, hand-held, USB-attached backup HSM that includes an informational full-color display. It connects easily to a client workstation or Luna Network HSM 7 using the included USB 3.0 Type C cable, and includes a universal 5V external power supply, which may be required to power the device in some instances.
You can use the Luna Backup HSM 7 to back up your Luna HSM 5.x, 6.x, and 7.x user partitions.
NOTE The smart card slot located at the bottom front of the unit is reserved for future use and has been disabled in this release.
For detailed usage instructions, see Luna Backup HSM 7.
The Luna Backup HSM 7 is available in the following models. All models can be initialized in multifactor quorum or password-authenticated mode. In-field storage upgrades are not available.
| B700 | 32 MB storage, up to 100 partitions of the same authentication type |
| B750 | 128 MB storage, up to 100 partitions of the same authentication type |
| B790 | 256 MB storage, up to 100 partitions of the same authentication type |
>Luna Backup HSM 7 Firmware 7.7.2
>Luna Backup HSM 7 Firmware 7.7.1
>Luna Backup HSM 7 Firmware 7.3.2
FIPS 140-2 Level 3 Certified Luna Backup HSM 7 Firmware Versions
The following Luna Backup HSM 7 firmware versions are FIPS 140-2 Level 3 certified per certificate #4195:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4195
>Luna Backup HSM 7 Firmware 7.7.1 (recommended)
Luna Backup HSM G5 Firmware Releases
The Luna Backup HSM G5 is a USB-attached backup HSM that connects easily to a client workstation orLuna Network HSM 7, and allows you to back up and restore your Luna 5.x, 6.x, and 7.x partitions. Thales has released the following firmware updates for the Luna Backup HSM G5, relative to Luna 7 HSMs.
>Luna Backup HSM G5 Firmware 6.28.0
>Luna Backup HSM G5 Firmware 6.26.0
>Luna Backup HSM G5 Firmware 6.24.7
Luna PED Firmware Releases
The Luna PIN Entry Device (Luna PED) provides PIN entry and secret authentication to a Luna HSM that requires multifactor quorum authentication. Thales has released the following updates to the Luna PED firmware for use with Luna 7 HSMs:
