Luna Network HSM 7 Reboot Patch

This patch was released in July 2019. It addressed a rare issue where the Luna Network HSM 7 appliance intermittently failed to reboot, requiring manual reset. It should be applied to Luna Network HSM 7 appliances shipped before December 2019 and running Luna Appliance Software 7.0.0 to Luna Appliance Software 7.4.0, and it is a prerequisite for updating to Luna Appliance Software 7.7.0 or newer.

>Download Luna Network HSM 7 Reboot Patch 1.0.0-3

The patch is also bundled with the update packages for Luna Appliance Software 7.7.0 and newer.

This patch applies the following changes to the appliance motherboard:

>a new BIOS version ATLAS070

>a new Baseboard Management Controller (BMC) firmware 7.00

Updates are also applied to Luna appliance services to ensure proper shutdown of those services.

Advisory Notes

This section highlights important issues you should be aware of before deploying the Luna Network HSM 7 Reboot Patch. Refer to the README for instructions.

Patch must be re-applied after re-image or update to another affected version

While the BIOS and BMC firmware update is persistent and is not reverted after re-image or appliance software update, changes to some services on the appliance are reverted. You must re-apply the patch after performing one or both of the following actions:

>Re-imaging the appliance to Luna Appliance Software 7.2.0 and Luna HSM Firmware 7.0.3

>Updating to Luna Appliance Software 7.4.0 or older

NOTE   If your final target version is Luna Appliance Software 7.7.0 or newer, you do not need to re-apply the patch; the affected service changes are automatically applied with the software update.

Patch Contents

The file contains the following:

>lunasa-reboot-patch-1.0.0-3.auth

>lunasa-reboot-patch-1.0.0-3.spkg

>README

Expected Warnings

Depending on the version of the Luna appliance to which the patch is applied, some of the services being removed have already been cleaned up. As such, a warning message like the following can be ignored:

"28...warning: file /etc/systemd/system/lcdController-shutdown.service: remove failed: No such file or directory."

Installing the patch

Disconnect all clients from the current appliance before installing this package.

CAUTION!   Back up your partitions before upgrading the appliance BIOS. Do not interrupt the update, or power off, or reboot the system while the BIOS upgrade is in progress; doing so might allow the system to enter an unrecoverable state, requiring return to Thales.

NOTE   Install the patch via an SSH connection to the Luna Network HSM 7. Attempting to install the patch via a serial connection can yield unintended results, including failure to complete.

To install the patch

1. Securely copy lunasa-reboot-patch-1.0.0-3.spkg to the Luna Network HSM 7 (use scp, pscp, or similar).

2. Log in via SSH (not via serial connection) to LunaSH on the appliance as admin, and run the following commands to upgrade the BIOS:

a. lunash:>hsm login

b. lunash:>package update lunasa-reboot-patch-1.0.0-3.spkg -authcode <content of lunasa-reboot-patch-1.0.0-3.auth>

NOTE   Updating the BMC firmware and the BIOS takes about 15 minutes to complete and must not be interrupted, nor the system rebooted, before the update-completed messages are displayed.

During the patch process you should see progress messages that the BIOS has been upgraded to version 070:

Upgrading the BIOS from 061 to 070: started
Upgrading the BIOS from 061 to 070: completed  

as well as messages that the BMC firmware has been upgraded to version 7.00:

Upgrading the BMC firmware from 6.01 to 7.00: started  
Upgrading the BMC firmware from 6.01 to 7.00: completed  

You can search for "Upgrading the BIOS" or "Upgrading the BMC firmware" in the syslog log file before or after reboot.

lunash:>syslog tail -logname messages -entries 10000 -search "Upgrading"

CAUTION!   Reboot the appliance ONLY if the BIOS and BMC Firmware updated successfully, otherwise contact Thales Customer Support for assistance.

c. lunash:>sysconf appliance reboot

The Luna Network HSM 7 will use BIOS ATLAS070 after reboot.

3. Verify that the BIOS has been upgraded to version ATLAS070.

a. Find the current BIOS version for Luna Network HSM 7 software version 7.3.0 to 7.4.0

Look in the 'messages' log files after reboot:

       lunash:>syslog tail -logname messages -entries 200000 -search "ATLAS"

You should see the following message:

       kern info  kernel: DMI: AIC OB111-AN/ANTLIA, BIOS ATLAS070 05/14/2019 

'ATLAS070' is the BIOS version and '05/14/2019' is the BIOS release date.

b. Alternatively, find the current BIOS version for Luna Network HSM 7 software version 7.0.0 to 7.4.0

View the 'dmesg' log files after reboot:

    lunash:>syslog tarlogs 

Securely copy 'logs.tgz' from the Luna Network HSM 7 (use scp, pscp, or similar) to another machine.

Extract the 'dmesg' file from 'logs.tgz'. Search for "ATLAS" in the 'dmesg' file; you should find the following message:

       DMI: AIC OB111-AN/ANTLIA, BIOS ATLAS070 05/14/2019 

'ATLAS070' is the BIOS version and '05/14/2019' is the BIOS release date.

NOTE   The 'dmesg' log file is created after reboot and it always shows the current BIOS version. The 'dmesg.old' in the 'logs.tgz' is from the previous reboot. You can find the previous BIOS version in the 'dmesg.old' file.
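
The checks in steps 2 and 3 can also be scripted on the machine that receives the log copies. The following is an added example, not part of the Thales patch or README: it reports whether the BIOS and BMC firmware updates each logged "completed" and extracts the BIOS version from the DMI line. The file names, the syslog prefixes in the sample lines, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run on a workstation against copies of the appliance logs.

# Print completed / incomplete / absent for component $2 ("BIOS" or
# "BMC firmware"), judged by its last progress message in file $1.
upgrade_status() {
    last=$(grep "Upgrading the $2 from .* to .*: " "$1" | tail -n 1)
    case $last in
        *": completed"*) echo completed ;;
        *": started"*)   echo incomplete ;;
        *)               echo absent ;;
    esac
}

# Print the BIOS version from the most recent kernel DMI line in file $1.
bios_version() {
    sed -n 's/.*DMI: .*, BIOS \([^ ]*\) .*/\1/p' "$1" | tail -n 1
}

# Succeed only if both updates logged "completed" (the reboot precondition).
safe_to_reboot() {
    [ "$(upgrade_status "$1" BIOS)" = completed ] &&
        [ "$(upgrade_status "$1" "BMC firmware")" = completed ]
}

# Write constructed sample logs (prefixes invented, not real captures) to $1.
write_samples() {
    cat > "$1/messages.ok" <<'EOF'
Jul 10 10:01:00 hsm patch: Upgrading the BIOS from 061 to 070: started
Jul 10 10:08:00 hsm patch: Upgrading the BIOS from 061 to 070: completed
Jul 10 10:08:01 hsm patch: Upgrading the BMC firmware from 6.01 to 7.00: started
Jul 10 10:15:00 hsm patch: Upgrading the BMC firmware from 6.01 to 7.00: completed
EOF
    # Same run cut short: the BMC update never reports "completed".
    sed '$d' "$1/messages.ok" > "$1/messages.partial"
    echo "[0.000000] DMI: AIC OB111-AN/ANTLIA, BIOS ATLAS070 05/14/2019" > "$1/dmesg"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in messages.ok messages.partial; do
    if safe_to_reboot "$dir/$f"; then
        echo "$f: BIOS and BMC firmware updates completed"
    else
        echo "$f: do not reboot (BMC: $(upgrade_status "$dir/$f" "BMC firmware"))"
    fi
done
echo "BIOS reported by dmesg: $(bios_version "$dir/dmesg")"
rm -rf "$dir"
```

A status of "incomplete" means a "started" message was logged with no matching "completed" message after it, which is the case in which the appliance should not be rebooted.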

Troubleshooting

If upgrading the BIOS or BMC firmware fails, do not reboot or power off the appliance. Take a picture of the screen and send it along with the log files for further instructions.

> lunash:>syslog tarlogs

>Using scp, pscp, or similar tools, copy logs.tgz from the Luna Network HSM 7 appliance to another machine

>Send the screen picture and logs.tgz to the Thales support team.

You can see the patch log file at:

/var/log/reboot-patch-[Timestamp].log