New Features and Enhancements

SafeNet Luna PCIe HSM 7.2 introduces the following new features and enhancements:

Improved Luna HSM Client

Release 7.2 adds improvements to the Luna HSM Client software:

>Enhanced Version Compatibility for Luna HSM Client — Version 7.2 and newer Luna HSM Client can be used with HSMs running Luna 6.2.1 or higher, or any Luna 7 version, without conflict. Luna HSM Client 7.2 and newer versions can coexist in large deployments. You can schedule client roll-outs at your convenience, without need to match versions across your organization. Future HSM features that do not have client-version dependencies will function without issue.

>Improved Client Installer with User-Defined Install Paths (Windows) — Luna HSM Client can be installed at user-selected locations (file paths with sufficient space), and installed Client software can be modified without uninstalling and reinstalling.

See Windows SafeNet Luna HSM Client Installation in the Installation Guide.

>User-Defined Client Install Paths (Linux) — Linux root-level users can install the Luna HSM Client software to an installation directory of their choice.

See Linux SafeNet Luna HSM Client Software Installation in the Installation Guide.

Relabel Partitions

The Partition SO can now change the label of an initialized partition. This allows partitions to be created ahead of time and renamed to something more suitable later, when they are allocated for a particular purpose (Requires firmware 7.2.0).

See partition changelabel in the LunaCM Command Reference Guide.

Crypto User Can Clone Public Objects

The Crypto User (CU) role has always been able to create public objects, but not clone them. In HA mode, this would cause the replication and subsequent object creation operations to fail. Firmware 7.2.0 allows the CU to clone public objects, and therefore to perform operations on HA groups without Crypto Officer authentication (Requires firmware 7.2.0).

Auto-Enabled HA Logging

Luna HSM Client now automatically enables HA logging, either when you create the first HA group, or when you update the Luna HSM Client to 7.2 and it detects a previously-configured HA group. If you manually turn HA logging off, logging is not auto-enabled for new HA groups.

See HA Logging in the Administration Guide.

SCP03 Encoding

The SCP03 encoding scheme, as defined in NIST SP 800-108, is now supported for Global Platform.