Luna USB HSM 7 Firmware 7.9.2
Luna USB HSM 7 firmware version 7.9.2 was released in February 2026.
>Download Luna USB HSM 7 Firmware 7.9.2
CAUTION! Read the Advisory Notes before installing this update, to be aware of important changes that may require your attention.
New Features and Enhancements
This release synchronizes the functionality of the Luna USB HSM 7 with the latest Luna Network HSM 7 and Luna PCIe HSM 7 releases. Luna USB HSM 7 firmware 7.9.2 includes the following new features and enhancements:
ML-KEM and ML-DSA Mechanisms for Post Quantum Cryptography
This release includes support for post-quantum algorithms ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) and ML-DSA (Module-Lattice based Digital Signature Algorithm). Refer to:
>New PKCS extension descriptions:
•ML-DSA Programming Guide for Luna HSM
>New cryptographic mechanisms:
ML-KEM and ML-DSA Private Key Wrapping and Unwrapping
Private keys created with ML-KEM and ML-DSA mechanisms can be wrapped and unwrapped. Refer to:
>New example procedure: Private Key Wrapping of ML-KEM and ML-DSA
ML-KEM Cloning Ciphers
The following post-quantum cipher suites are now included for cloning between application partitions:
>ECDH-P521-ML-KEM1024-SHA2-512
>ECDH-BP512-ML-KEM1024-SHA2-512
>ECDH-P521-ML-KEM1024-SHA3-512
>ECDH-BP512-ML-KEM1024-SHA3-512
Refer to Enabling and Disabling CPv4 Cipher Suites for instructions on customizing cipher suites.
Attestation of PQC Keys
To check the attestation of PQC and ECC keys, use the Thales ECC Manufacturing Integrity Certificate.
Access Partition Utilization Metrics without HSM SO Login
You can now choose whether Partition Utilization Metrics can be viewed/exported and reset without needing login to the HSM. For continuity, the option defaults to requiring SO login, but that can be changed with a single command, to suit your security and auditing regimes. The existing QoS commands function as previously; only access to them is affected. This option is set using HSM Policy 58: Allow Unrestricted Metrics Access.
New Wrapping Mechanism in SCP03
CKM_AES_CBC_CMAC_WRAP is added to Secure Channel Protocol 03 (SCP03). Refer to:
>New cryptographic mechanism: CKM_AES_CBC_CMAC_WRAP
Curve secp256k1 performance
Curve secp256k1 (curve 10 in the multitoken utility) handling has been optimized, improving the performance of all ECDH, ECIES, and BIP32 mechanisms that use it.
NOTE This enhancement is not available when the Luna USB HSM 7 is in FIPS-approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0).
SLIP10 for BIP32
SLIP10 derivation is added for BIP32 key type, with curve options secp256k1, NIST P-256, and ED25519. See SLIP 10.
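The SLIP-0010 scheme the firmware now offers for BIP32 keys is fully specified in public documents, so the derivation can be reproduced off-HSM to validate results. The example below is an added illustration written for this page, not code from Thales or the Luna firmware: it implements SLIP-0010 master-key derivation and hardened child derivation for the three curve options the release names (secp256k1, NIST P-256, ed25519) using only HMAC-SHA512, including the retry rules for keys that fall outside the curve order. Non-hardened derivation needs point multiplication and is deliberently out of scope here; the group orders and HMAC seed strings are the published SLIP-0010 constants. The test vector in the usage note is SLIP-0010 test vector 1 (seed `000102...0f`), not a value from this page.

```python
import hmac
import hashlib

# SLIP-0010 curve table: the HMAC key used to derive the master node from the
# seed, and the group order n (None for ed25519, which needs no reduction).
CURVES = {
    "secp256k1": (b"Bitcoin seed",
                  0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141),
    "nist256p1": (b"Nist256p1 seed",
                  0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551),
    "ed25519":   (b"ed25519 seed", None),
}

HARDENED = 0x80000000


def _hmac512(key, data):
    return hmac.new(key, data, hashlib.sha512).digest()


def master_key(seed, curve):
    """Return (k, c): the master private key and chain code for `seed`."""
    hmac_key, n = CURVES[curve]
    i = _hmac512(hmac_key, seed)
    while True:
        il, ir = i[:32], i[32:]
        if n is None:                       # ed25519: IL is always valid
            return il, ir
        k = int.from_bytes(il, "big")
        if 0 < k < n:
            return il, ir
        # IL is not a valid scalar for this curve: re-hash I and try again.
        i = _hmac512(hmac_key, i)


def derive_hardened(k_par, c_par, index, curve):
    """Derive hardened child `index` (0 <= index < 2**31) of (k_par, c_par)."""
    if not 0 <= index < HARDENED:
        raise ValueError("only hardened indices are supported here")
    _, n = CURVES[curve]
    idx = (index | HARDENED).to_bytes(4, "big")
    i = _hmac512(c_par, b"\x00" + k_par + idx)
    while True:
        il, ir = i[:32], i[32:]
        if n is None:                       # ed25519: child key is IL verbatim
            return il, ir
        il_int = int.from_bytes(il, "big")
        k = (il_int + int.from_bytes(k_par, "big")) % n
        if il_int < n and k != 0:
            return k.to_bytes(32, "big"), ir
        # Invalid child: retry with 0x01 || IR || index, as SLIP-0010 specifies.
        i = _hmac512(c_par, b"\x01" + ir + idx)


def derive_path(seed, curve, path):
    """Derive m/path (all hardened), e.g. path=[0, 1] for m/0'/1'.
    Returns (private_key_hex, chain_code_hex)."""
    k, c = master_key(seed, curve)
    for index in path:
        k, c = derive_hardened(k, c, index, curve)
    return k.hex(), c.hex()


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # SLIP-0010 test vector 1
    for curve in CURVES:
        print(curve, "m/0'", derive_path(seed, curve, [0]))
```

Running the block with the SLIP-0010 test vector 1 seed reproduces the published master and m/0' keys for secp256k1 and ed25519; comparing an HSM-derived child against this reference is a cheap way to confirm that the curve option and path passed to the mechanism were the ones intended.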
ECIES HKDF Support
Support for HKDF (HMAC-based Key Derivation Function) is added to ECIES. The HKDF Extract and Expand functions are supported with all available hash methods. The CKDemo, Multitoken, and fmultitoken tools have been updated accordingly. See ECIES Enhancement for HKDF.
Support for ED448 and Curve448
Crypto agility expands with the addition of support for ed448 and curve448.
Key Translation Function for 5G
The Key Translation function allows subscriber authentication keys to be securely imported into a 5G authentication platform (UDM).
The mechanism is used with the C_WrapKey command: the HSM receives a cryptogram from the client, re-encrypts it using a different key and/or mechanism, and returns the result to the client.
See Luna Key Translation.
Choose Whether a Password Change Logs Out All Sessions
An option to the role changepw and role resetpw commands allows you to choose whether
>the change/reset operation immediately logs out all sessions open with that authentication (such as if an authentication has been compromised, where it is important to halt activity under a suspect role for security reasons) or
>open sessions are allowed to continue under the old authentication until closed (such as during routine password rollover, where it is important to allow operations to complete undisturbed).
HMAC Accepts Zero-byte Input
All cryptographic mechanisms with "HMAC" in the name now accept zero-byte input.
Session Memory Management Optimization
Applications are responsible for closing crypto sessions and releasing resources when they are no longer being used. Failure to do so might eventually consume all available HSM memory. This memory management optimization allows you to support a higher number of simultaneous sessions by reducing the memory allocated per session, and to fail gracefully if the available memory drops below a minimal threshold. It allows you to perform the appropriate administration tasks, maintain the availability of your platform, and prevent a crash.
See Cryptographic Module and Token Return Codes; refer to the note for errors 0x00310000 through 0x00310007.
Universal Cloning
Cloning (or migration) of keys and objects between Thales HSMs has been enhanced as follows.
Updated encryption
Cloning encryption is now ECC-based (formerly RSA) and separates session-key negotiation from the use of session keys for migrating/transferring keys and objects within the security perimeter of the cryptographic module, with the following advantages:
>Consolidate HSM resources with secure and transparent exchanges of cryptographic material among mixed authentication modes:
•multifactor quorum-authenticated and
•password-authenticated partitions.
>Transfer keys to an entirely new domain, providing full interoperability between on-premises Luna USB HSM 7 partitions and Luna Cloud HSM services.
Enhanced cipher suite options
Multiple cipher suites are available for cloning.
>Ciphers can be individually enabled or disabled by command.
>The protocol negotiates the strongest common suite enabled on source and target.
Multiple domains
Extended Domain Management widens the scope of key-migration/key-cloning operations, while maintaining the cryptographic module's security perimeter.
>Up to three domains can be associated with a partition.
>Domains can be labeled for ease of management, and the labels can be changed for convenience.
>Password-authenticated cloning domains (text string) and multifactor quorum-authenticated domains (iKey secret) can be mixed on a single partition.
>Keys and objects can be shifted from one domain (that you control) to another (that you control).
Session Key Lifetime Management
>Negotiated sessions have a finite lifetime (minimizing possibility of abuse), while being renegotiated with no burden to your applications.
>Multiple keys/objects can be transferred at one time, from one partition to another without requiring key-negotiation for each transfer (compare with prior behavior).
See Universal Cloning.
Advisory Notes
This section highlights important issues you should be aware of before installing Luna USB HSM 7 firmware version 7.9.2.
Migrate Keys From FIPS-Configured Luna USB HSM G5 Before Updating to This Version
Using Luna USB HSM 7 Firmware 7.7.3 or newer in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0), cloning from Luna USB HSM G5 with firmware 6.24.7 is disallowed. Therefore, you must migrate your keys to Luna USB HSM 7 with Luna USB HSM 7 Firmware 7.7.2 installed, before you update the firmware.
Requires Luna HSM Client 10.9.2 or Newer
This version of the Luna USB HSM 7 firmware requires Luna HSM Client 10.9.2 or newer.
FIPS Changes in Luna USB HSM 7 Firmware 7.9.2 and Newer
This release synchronizes functionality with the latest release of the Luna HSM firmware. New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0), to comply with FIPS 186-5 Digital Signature Standard (NIST SP 800-186).
RSA Key Pair Generation Mechanisms for FIPS 186-3 Allow 6144- and 8192-Bit Keys
Using the following mechanisms, you can now generate 6144-bit and 8192-bit RSA keypairs in FIPS approved configuration:
>CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN
>CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN
New Partition Policy Allows Signature Verification with ECDSA and RSA
A new partition policy 45: Allow ECDSA/RSA Prehash SigVer enables a prehash operation that allows mechanisms that do not have a hash function to perform verification. With this policy enabled, the following mechanisms are now permitted to perform verification in FIPS approved configuration:
Mechanisms that are now available in FIPS 140 approved configuration
The following mechanisms are now available for use in FIPS 140 approved configuration (formerly FIPS mode):
Mechanisms no longer available in FIPS 140 approved configuration
The following mechanism is now restricted from use in FIPS 140 approved configuration (formerly FIPS mode):
>CKM_EC_MONTGOMERY_KEY_PAIR_GEN
Mechanisms not permitted to sign objects in FIPS 140 approved configuration
The following mechanisms are not permitted to sign objects in FIPS 140 approved configuration:
Mechanisms now check for approved EC curves in FIPS 140 approved configuration
The following mechanisms now verify that the specified EC curve is FIPS-approved, and reject operations that specify non-approved curves:
>CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS
Allowed Elliptic Curves
| Curve Name | Mechanisms | Curve Field Type | Security Strength | Sign | Verify | Derive |
|---|---|---|---|---|---|---|
| B-233 | ECDSA, EC key establishment | Binary field GF(2^m) | 112 bits | X | X | X |
| B-283 | ECDSA, EC key establishment | Binary field GF(2^m) | 128 bits | X | X | X |
| B-409 | ECDSA, EC key establishment | Binary field GF(2^m) | 192 bits | X | X | X |
| B-571 | ECDSA, EC key establishment | Binary field GF(2^m) | 256 bits | X | X | X |
| K-233 | ECDSA, EC key establishment | Binary field GF(2^m) | 112 bits | X | X | X |
| K-283 | ECDSA, EC key establishment | Binary field GF(2^m) | 128 bits | X | X | X |
| K-409 | ECDSA, EC key establishment | Binary field GF(2^m) | 192 bits | X | X | X |
| K-571 | ECDSA, EC key establishment | Binary field GF(2^m) | 256 bits | X | X | X |
| P-224 | ECDSA, EC key establishment | Prime field GF(p) | 112 bits | X | X | X |
| P-256 | ECDSA, EC key establishment | Prime field GF(p) | 128 bits | X | X | X |
| P-384 | ECDSA, EC key establishment | Prime field GF(p) | 192 bits | X | X | X |
| P-521 | ECDSA, EC key establishment | Prime field GF(p) | 256 bits | X | X | X |
| Edwards448 | EdDSA | Prime field GF(p) | 224 bits | X | X | X |
| Edwards25519 | EdDSA | Prime field GF(p) | 128 bits | X | X | X |
| Brainpool P512r1 | ECDSA, EC key establishment | Prime field GF(p) | 256 bits | X | X | X |
| Brainpool P512t1 | ECDSA, EC key establishment | Prime field GF(p) | 256 bits | X | X | X |
| Brainpool P-384r1 | ECDSA, EC key establishment | Prime field GF(p) | 192 bits | X | X | X |
| Brainpool P-384t1 | ECDSA, EC key establishment | Prime field GF(p) | 192 bits | X | X | X |
| Brainpool P320r1 | ECDSA, EC key establishment | Prime field GF(p) | 160 bits | X | X | X |
| Brainpool P320t1 | ECDSA, EC key establishment | Prime field GF(p) | 160 bits | X | X | X |
| secp256k1 | Blockchain | Prime field GF(p) | 128 bits | X | X | no* |
| Brainpool P-256r1 | ECDSA, EC key establishment | Prime field GF(p) | 128 bits | X | X | X |
| Brainpool P-256t1 | ECDSA, EC key establishment | Prime field GF(p) | 128 bits | X | X | X |
| Brainpool P-224r1 | ECDSA, EC key establishment | Prime field GF(p) | 112 bits | X | X | X |
| Brainpool P-224t1 | ECDSA, EC key establishment | Prime field GF(p) | 112 bits | X | X | X |
The above table applies to Luna PCIe HSM 7, Luna Network HSM 7, and Luna USB HSM 7 firmware 7.8.9 and newer, and 7.7.3 and newer, respectively.
*The secp256k1 (BIP32) curve cannot be used for ECDH or ECIES derivation in FIPS 140 approved configuration.
Partition Policy 9: Allow DigestKey is Destructive When Turned On
Partition policy 9: Allow DigestKey is set to 0 by default when you update to Luna USB HSM 7 Firmware 7.9.2 or newer, and it is destructive when changed from 0 to 1. If you were using C_DigestKey with Luna USB HSM 7 Firmware 7.7.2, and you need to continue using it, you must back up the contents of your application partition and restore them after changing the policy. Refer to Partition Backup and Restore.
FIPS Changes in Luna USB HSM 7 Firmware 7.7.3 and Newer
New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0), to comply with NIST SP800-131a Rev2 and SP800-56B Rev2, published in March 2019.
Mechanisms no longer available in FIPS approved configuration
The following mechanisms are no longer available in FIPS approved configuration:
>CKM_EC_MONTGOMERY_KEY_PAIR_GEN
NOTE If you need to generate FIPS-compliant domain parameters for this mechanism, use CKM_DSA_PARAMETER_GEN with modulus length 2048 or 3072.
DES/DES3 encryption not permitted using ECIES mechanisms
The following mechanisms are not permitted to encrypt in FIPS approved configuration (decrypt operations are permitted):
HMAC mechanisms not permitted to sign using DES3 keys
The following mechanisms are not permitted to sign objects with a DES3 key in FIPS approved configuration (verify operations are permitted):
Mechanisms now check for approved EC curves in FIPS mode
The following mechanisms now verify that the specified EC curve is FIPS-approved, and reject operations that specify non-approved curves:
>CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS
CKM_RSA_PKCS not permitted to decrypt/unwrap objects
To comply with FIPS 140-3 requirements, RSA-based key transport schemes that use only PKCS#1-v1.5 padding are disallowed. Therefore, CKM_RSA_PKCS is now restricted from performing decrypt/unwrap operations.
NOTE When the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0), CKM_RSA_PKCS is disabled even if partition policy 33: Allow RSA PKCS mechanism is set to 1.
3DES usage counter has been removed
The 3DES usage counter attribute (CKA_BYTES_REMAINING) has been removed in Luna USB HSM 7 Firmware 7.7.3 and newer, to comply with FIPS 140-3 requirements. This attribute is now ignored on any keys where it is already set.
FIPS Changes in Luna USB HSM 7 Firmware 7.7.2 and Newer
New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to 0), to comply with FIPS SP800-131a Rev2, published in March 2019. Consider these functional changes when migrating from Luna USB HSM G5.
Mechanisms not permitted to wrap objects in FIPS mode
The following mechanisms are not permitted to wrap objects in FIPS mode (unwrap operations are permitted):
Mechanisms not permitted to sign data in FIPS mode
The following mechanisms are not permitted to sign data in FIPS mode (verify operations are permitted):
Mechanisms approved for use in FIPS mode
The following mechanisms are now approved for use in FIPS mode: