sysconf reimage start

Restore the appliance and the HSM to the pre-installed baseline software/firmware versions.

If you have an older Luna Network HSM 7, the baseline versions are:

>Luna Appliance Software 7.2.0

>Luna HSM Firmware 7.0.3

If you have a newer Luna Network HSM 7 or have installed the Re-Image Software 7.7.1 and Firmware 7.3.3 Patch, the baseline versions are:

>Luna Appliance Software 7.7.1

>Luna HSM Firmware 7.3.3

You must be logged in as HSM SO to use this command.

CAUTION! This command is destructive; all partitions and cryptographic objects will be destroyed, and the HSM must be re-initialized. The operation takes 15-20 minutes, and the appliance reboots twice. Do not reboot the appliance manually during this time. Ensure that you have a power backup in place before re-imaging the appliance.

Re-imaging to an older appliance software version might expose vulnerabilities that were fixed in newer releases.

NOTE: If you have an older Luna Network HSM 7, this feature requires that the appliance was upgraded, at some point, to at least Luna HSM Firmware 7.3.0 and Luna Appliance Software 7.3.0.

The Appliance Re-image feature is not supported on HSMs that use Functionality Modules. If you have ever enabled HSM policy 50: Allow Functionality Modules, even if the policy is currently disabled, you cannot re-image the HSM appliance. See FM Deployment Constraints for details.

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

sysconf reimage start [-base]

Argument(s) | Shortcut | Description
-base | -b | Restore the Luna Network HSM 7 to its original capability settings. With this option included, licenses such as partition packs are not preserved after the appliance re-image process. Purchased update licenses are still valid, and you can re-apply them (or apply them to a different Luna Network HSM 7) using the Thales Licensing Portal.

Example

lunash:>sysconf reimage start

   The HSM Administrator is logged in. Proceeding...

   To remove audit logs from the HSM, you must configure the Audit Logs feature.
   If you do not configure Audit Logs before re-imaging, the existing audit log history will be retained in the HSM.

   Type 'proceed' to continue the re-imaging process without configuring Audit Logs, or 'quit' to cancel.
   > proceed
   Proceeding...

   WARNING: This operation will revert the Luna Network HSM to the baseline of software 7.2.0-220 with firmware 7.0.3 !!!

         (1) This is a destructive operation that erases all partitions and key material.
         (2) Ensure that you have a valid backup of all your partitions.
         (3) After completion, you must re-initialize the HSM.
         (4) After completion, remote PED must be re-connected.
         (5) This operation takes 15-20 minutes. Make sure you have power backup in place.
         (6) Access to the appliance will be unavailable. DO NOT restart the appliance during this time.
         (7) The operation erases all appliance logs.
         (8) The re-imaging operation will generate additional audit logs in the HSM.
         (9) The re-imaging procedure includes multiple appliance reboot.
         (10) This operation CANNOT be undone.

   Type 'proceed' to continue, or 'quit' to quit now.
   > proceed
   Proceeding...

   Step 1 of 7: Backing up the appliance support information
   ...
   Done
   Step 2 of 7: Setting up the environment for the Appliance Re-image.
   ...
   Done
   Step 3 of 7: Extracting the packages
   ...
   This step may take a few minutes... \
   Done
   Step 4 of 7: Preparing the Luna Network HSM baseline installation scripts
   ...
   Done
   Step 5 of 7: Updating to the Luna Network HSM baseline firmware
   ...
   Done
   Step 6 of 7: Installing Luna Network HSM Base licenses
   ...
   This step may take a few minutes... \
   Done
   Step 7 of 7: Factory reset Luna Network HSM
   ...
   The Luna Network HSM with baseline firmware version has been factory reset.
   Done

The Luna Network HSM  will restart multiple times to complete the baseline installation.
This process could take 15-20 minutes.
Please wait for the operation to complete as interrupting the process could have adverse effects.
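
The following is an added example, not part of the Thales documentation: a Python check over a captured session transcript that records which baseline the appliance reverted to, whether that pair is one of the two baselines listed on this page, and whether every step reached "Done". The names audit_reimage_transcript and KNOWN_BASELINES are hypothetical, the sample transcripts are constructed in the shape of the example above, and treating the "-220" build suffix as outside the version is an assumption.

```python
import re

# Baseline pairs stated on this page: (appliance software, HSM firmware).
KNOWN_BASELINES = {("7.2.0", "7.0.3"), ("7.7.1", "7.3.3")}
# Assumption: a build suffix such as "-220" is not part of the version to compare.
WARNING_RE = re.compile(
    r"baseline of software (\d+\.\d+\.\d+)(?:-\d+)? with firmware (\d+\.\d+\.\d+)")
STEP_RE = re.compile(r"^\s*Step (\d+) of (\d+):")

def audit_reimage_transcript(text):
    """Summarize a captured 'sysconf reimage start' session for a change record."""
    r = {"software": None, "firmware": None, "known_baseline": False,
         "confirmations": 0, "total_steps": 0, "done": [], "complete": False}
    current = None  # step number still waiting for its 'Done' line
    for line in text.splitlines():
        stripped = line.strip()
        warning, step = WARNING_RE.search(line), STEP_RE.match(line)
        if warning:
            r["software"], r["firmware"] = warning.groups()
            r["known_baseline"] = warning.groups() in KNOWN_BASELINES
        elif stripped == "> proceed":
            r["confirmations"] += 1  # operator typed 'proceed' at a prompt
        elif step:
            current, r["total_steps"] = int(step.group(1)), int(step.group(2))
        elif stripped == "Done" and current is not None:
            r["done"].append(current)
            current = None
    # Complete only if every announced step, in order, reported 'Done'.
    total = r["total_steps"]
    r["complete"] = total > 0 and r["done"] == list(range(1, total + 1))
    return r

# Constructed samples (step titles shortened); CUT ends during step 5,
# as a capture would if the session dropped before the transcript finished.
HEADER = ("   > proceed\n   WARNING: This operation will revert the Luna Network HSM "
          "to the baseline of software 7.2.0-220 with firmware 7.0.3 !!!\n"
          "   > proceed\n")
STEP = "   Step {n} of 7: step {n}\n   ...\n   Done\n"
FULL = HEADER + "".join(STEP.format(n=n) for n in range(1, 8))
CUT = (HEADER + "".join(STEP.format(n=n) for n in range(1, 5))
       + "   Step 5 of 7: step 5\n   ...\n")

if __name__ == "__main__":
    for name, log in (("full", FULL), ("cut", CUT)):
        print(name, audit_reimage_transcript(log))
```

A transcript that is not "complete" only shows that the capture ended early; the appliance state still has to be confirmed on the device after it finishes rebooting.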