Customer Release Notes
The customer release notes (CRN) provide important release-specific information. Read the CRN to fully understand the capabilities, limitations, and known issues for each release. The CRN is organized by release component as indicated below.
NOTE Information from all previously-distributed PDF versions of the Luna 7 CRN has been consolidated here.
>Luna Appliance Software Releases
>Luna Backup HSM 7 Firmware Releases
>Luna Backup HSM G5 Firmware Releases
The CRN also contains
>Version Dependencies by Feature
General Version Compatibility Recommendations
Generally, different combinations of Luna HSM firmware
| Luna HSM Firmware | Luna Appliance Software | Luna HSM Client |
|---|---|---|
| 6.2.1 and newer | 6.3.0 | 10.1.0 and newer |
| 7.0.1, 7.0.2, 7.0.3, 7.2.0, 7.3.0, 7.3.3 | 7.0.0 and newer | 10.1.0 and newer |
| 7.4.0, 7.4.2 | 7.4.0 and newer | 10.1.0 and newer |
| 7.7.0, 7.7.1, 7.7.2, 7.8.x | 7.7.0 and newer | 10.3.0 and newer |
Luna Appliance Software Releases
The Luna Appliance Software is a hardened Linux-based operating system that allows you to securely configure and maintain the appliance and the Luna HSM it contains. It is provided as a secure package file (.spkg) that may also include a Luna HSM firmware update. The following updates have been released since the introduction of the Luna Network HSM 7:
>Luna Appliance Software 7.8.4
>Luna Appliance Software 7.8.3
>Luna Appliance Software 7.8.1
>Luna Appliance Software 7.8.0
>Luna Appliance Software 7.7.1
>Luna Appliance Software 7.7.0
>Luna Appliance Software 7.4.0
>Luna Appliance Software 7.3.3
>Luna Appliance Software 7.3.1
>Luna Appliance Software 7.3.0
>Luna Appliance Software 7.2.0
>Luna Appliance Software 7.1.0
>Luna Appliance Software 7.0.0
Luna Appliance Software Patches
Thales has also released the following patch updates for general availability:
>Re-Image Software 7.7.1 and Firmware 7.3.3 Patch
>Luna Network HSM 7 Reboot Patch
Luna HSM Firmware Releases
The Luna HSM firmware is installed on the Luna HSM adapter/cryptographic-module, either inside a Luna Network HSM 7 appliance or an installed Luna PCIe HSM 7. It controls all cryptographic operations and key storage on the HSM hardware. In the case of Luna Network HSM 7, it is provided in a secure package file (.spkg) along with the appliance software. For Luna PCIe HSM 7, it is provided as a standalone secure update file (.fuf).
The following updates have been released since the introduction of Luna HSM 7:
The latest Luna HSM firmware is submitted for certification by various governing bodies, to ensure that your deployment is compliant. These certifications take time, so the most recent recommended certified firmware versions are listed below.
Luna HSM Firmware Patches
Thales has also released the following patch updates for general availability:
>Luna HSM Bootloader 1.1.5 Patch
FIPS 140-3 Level 3 Certified Luna HSM Firmware Versions
The following Luna HSM firmware versions are FIPS 140-3 Level 3 certified per certificate #4684:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4684
>Luna HSM Firmware 7.8.4 (recommended)
FIPS 140-2 Level 3 Certified Luna HSM Firmware Versions
The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #4090:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090
The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #3205:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3205
Common Criteria Certified Firmware
The most recent firmware version certified under the Common Criteria standard is Luna HSM Firmware 7.7.2, with Luna HSM Bootloader 1.1.5 Patch. The certificates are posted here:
>https://www.commoncriteriaportal.org/files/epfiles/CC-20-195307.pdf
>CC Certificate -- Thales Luna K7 HSM
eIDAS Certified Firmware
The recent Luna HSM Firmware 7.7.0 release is certified under the eIDAS standard and the certificate is posted here:
Luna HSM Client Releases
The Luna HSM Client software is installed on any computer that runs applications that use Luna HSM(s). It includes utilities for accessing and configuring HSM partitions, and for performing cryptographic operations. The client includes the Luna Software Development Kit for developing your applications, and the Luna FM Development Kit for developing Functionality Modules. Since the release of Luna HSM Client 10.2.0 (Luna Universal Client), all versions of the client software allow you to manage and access Luna Cloud HSM services alongside your on-premises Luna HSMs. See Updating the Luna HSM Client Software and Luna HSM Client Software Installation for installation instructions, and refer to the OS compatibility for your desired client version below:
Luna HSM Client Software Patches
Thales has also released the following patch updates for general availability:
>CMU Patch to Allow Crypto User Login
Luna Backup HSM 7 Firmware Releases
The Luna Backup HSM 7 is a full-featured, hand-held, USB-attached backup HSM that includes an informational full-color display. It connects easily to a client workstation or Luna Network HSM 7 using the included USB 3.0 Type C cable, and includes a universal 5V external power supply, which may be required to power the device in some instances.
You can use the Luna Backup HSM 7 to back up your Luna HSM 5.x, 6.x, and 7.x user partitions.
NOTE The smart card slot located at the bottom front of the unit is reserved for future use and has been disabled in this release.
For detailed usage instructions, see Luna Backup HSM 7 v1 or Luna Backup HSM 7 v2.
The Luna Backup HSM 7 is available in the following models. All models can be initialized in multifactor quorum or password-authenticated mode. In-field storage upgrades are not available.
| B700 | 32 MB storage, up to 100 partitions of the same authentication type |
| B750 | 128 MB storage, up to 100 partitions of the same authentication type |
| B790 | 256 MB storage, up to 100 partitions of the same authentication type |
>Luna Backup HSM 7 Firmware 7.7.2
>Luna Backup HSM 7 Firmware 7.7.1
>Luna Backup HSM 7 Firmware 7.3.2
FIPS 140-2 Level 3 Certified Luna Backup HSM 7 Firmware Versions
The following Luna Backup HSM 7 firmware versions are FIPS 140-2 Level 3 certified per certificate #4195:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4195
>Luna Backup HSM 7 Firmware 7.7.1 (recommended)
Luna Backup HSM G5 Firmware Releases
The Luna Backup HSM G5 is a USB-attached backup HSM that connects easily to a client workstation orLuna Network HSM 7, and allows you to back up and restore your Luna 5.x, 6.x, and 7.x partitions. Thales has released the following firmware updates for the Luna Backup HSM G5, relative to Luna 7 HSMs.
>Luna Backup HSM G5 Firmware 6.28.0
>Luna Backup HSM G5 Firmware 6.26.0
>Luna Backup HSM G5 Firmware 6.24.7
Luna PED Firmware Releases
The Luna PIN Entry Device (Luna PED) provides PIN entry and secret authentication to a Luna HSM that requires multifactor quorum authentication. Thales has released the following updates to the Luna PED firmware for use with Luna 7 HSMs:
