Luna HSM Bootloader 1.1.5 Patch
This patch, which updates the bootloader on the Luna HSM to version 1.1.5, was released in April 2023. It includes important security updates.
>Download Luna HSM Bootloader 1.1.5
NOTE If you have Luna HSM Firmware 7.8.1 or newer installed, you do not need to apply this patch; Luna HSM bootloader 1.1.5 is included with the firmware.
This patch will update the bootloader to version 1.1.5 permanently; you do not need to apply the patch again.
Bootloader 1.1.5 is FIPS-validated. Refer to NIST certificate #4090 for FIPS 140-2 Level 3 certification:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090
Bootloader 1.1.5 is considered a minor change that does not affect Common Criteria validation. Assurance is maintained, as indicated in this report:
Common Criteria maintenance report for Boot Loader 1.1.5
Valid Update Paths
You can install the Luna HSM Bootloader 1.1.5 Patch on any Luna HSM with Luna HSM Firmware 7.8.0 or older.
Update Procedure
Use the following procedure to install the Luna HSM Bootloader 1.1.5 Patch:
1.Copy the firmware file (fwupdateK7_RealCert_1.1.5.fuf) and the authentication code file (fwupdateK7_RealCert_1.1.5.txt) to the Luna HSM Client root directory.
•Windows: C:\Program Files\SafeNet\LunaClient
•Linux/AIX: /usr/safenet/lunaclient/bin
•Solaris: /opt/safenet/lunaclient/bin
NOTE On some Windows configurations, you might not have authority to copy or unzip files directly into C:\Program Files\.... If this is the case, put the files in a known location that you can reference in a LunaCM command.
2.Launch LunaCM.
3.If more than one HSM is installed, set the active slot to the Admin partition of the HSM you wish to update.
lunacm:> slot set -slot <slot_number>
4.Log in as HSM SO.
lunacm:> role login -name so
5.Apply the new firmware update by specifying the update file and the authentication code file. If the files are not located in the Luna HSM Client root directory, specify the full filepaths.
lunacm:> hsm updatefw -fuf fwupdateK7_RealCert_1.1.5.fuf -authcode fwupdateK7_RealCert_1.1.5.txt
6.[Optional] Check that the bootloader version has been updated. If you are using Luna HSM Client 10.3.0 or newer, the bootloader version is included in the information from lunacm:> hsm showinfo:
lunacm:> hsm showinfo
Bootloader Version -> 1.1.5
Advisory Notes
This section highlights important issues you should be aware of before installing the Luna HSM Bootloader 1.1.5 Patch.
Firmware Cannot Be Rolled Back After Installing the Patch
After installing the bootloader update package, you cannot roll back to the previous firmware version.