Updating the Luna Backup HSM (G7) Firmware
To update the Luna Backup HSM (G7) firmware, download the desired firmware version from the Thales Support Portal.
Updating the Client-Connected Luna Backup HSM (G7) Firmware
Use the following procedure to update the Backup HSM firmware using LunaCM. The Backup HSM SO must complete this procedure.
NOTE This functionality requires minimum Luna HSM Client 10.3.0. See Version Dependencies by Feature for more information.
Prerequisites
>Luna Backup HSM (G7) firmware update file (<filename>.fuf)
>firmware update authentication code file (<filename>.txt)
>If you have backups currently stored on the Backup HSM, they must take up less than 60% of storage capacity, or the firmware upgrade will not proceed.
NOTE If you are updating the firmware to version 7.7.x or newer, objects and partitions must be re-sized to include additional object overhead associated with the new V1 partitions - this is included in the process, no additional action from you (see What are "pre-firmware 7.7.0", and V0, and V1 partitions?). This conversion can take much longer than previous firmware updates, depending on the number of objects stored on the HSM (a few minutes to several hours). Ensure that you can leave the update operation uninterrupted for this amount of time. Do not interrupt the procedure even if the operation appears to have stalled.
To update the Luna Backup HSM (G7) firmware using LunaCM
1.Copy the firmware file (<filename>.fuf) and the authentication code file (<filename>.txt) to the Luna HSM Client root directory.
•Windows: C:\Program Files\SafeNet\LunaClient
•Linux: /usr/safenet/lunaclient/bin
•Solaris: /opt/safenet/lunaclient/bin
NOTE On some Windows configurations, you might not have authority to copy or unzip files directly into C:\Program Files\.... If this is the case, put the files in a known location that you can reference in a LunaCM command.
2.Launch LunaCM.
3.If more than one HSM is installed, set the active slot to the Admin partition of the HSM you wish to update.
lunacm:> slot set -slot <slot_number>
4.[PED-Authenticated] If you are updating a PED-authenticated Backup HSM, connect to the Remote PED server.
lunacm:> ped connect [-ip <IP_address>] [-port <port#>]
5.Log in as HSM SO.
lunacm:> role login -name so
6.Apply the new firmware update by specifying the update file and the authentication code file. If the files are not located in the Luna HSM Client root directory, specify the full filepaths.
lunacm:> hsm updatefw -fuf <filename>.fuf -authcode <filename>.txt
The previous version of the firmware is stored in reserve on the HSM. To restore the previous firmware version, see Rolling Back the Luna Backup HSM (G7) Firmware.
