Customer Release Notes

The customer release notes (CRN) provide important release-specific information. Read the CRN to fully understand the capabilities, limitations, and known issues for each release. The CRN is organized by release component as indicated below.

NOTE   Information from all previously-distributed PDF versions of the Luna 7 CRN has been consolidated here.

>Luna Appliance Software Releases

>Luna HSM Firmware Releases

>Luna HSM Client Releases

>Luna Backup HSM 7 Firmware Releases

>Luna Backup HSM G5 Firmware Releases

>Luna PED Firmware Releases

The CRN also contains the following information about component version dependencies, organized by feature, and descriptions of known and resolved issues:

>Version Dependencies by Feature

>Known and Resolved Issues

General Version Compatibility Recommendations

Generally, different combinations of Luna HSM firmware, Luna Appliance Software, and Luna HSM Client software versions are supported. Features that do not have client version dependencies will function without issue. However, Thales has the following recommendations when using certain firmware versions:

Luna HSM Firmware Luna Appliance Software Luna HSM Client
6.2.1 and newer 6.3.0 10.1.0 and newer
7.0.1, 7.0.2, 7.0.3, 7.2.0, 7.3.0, 7.3.3 7.0.0 and newer 10.1.0 and newer
7.4.0, 7.4.2 7.4.0 and newer 10.1.0 and newer
7.7.0, 7.7.1, 7.7.2, 7.8.x 7.7.0 and newer 10.3.0 and newer

Luna Appliance Software Releases

The Luna Appliance Software is a hardened Linux-based operating system that allows you to securely configure and maintain the appliance and the Luna HSM it contains. It is provided as a secure package file (.spkg) that may also include a Luna HSM firmware update. The following updates have been released since the introduction of the Luna Network HSM 7:

>Luna Appliance Software 7.8.5

>Luna Appliance Software 7.8.4

>Luna Appliance Software 7.8.3

>Luna Appliance Software 7.8.1

>Luna Appliance Software 7.8.0

>Luna Appliance Software 7.7.1

>Luna Appliance Software 7.7.0

>Luna Appliance Software 7.4.0

>Luna Appliance Software 7.3.3

>Luna Appliance Software 7.3.1

>Luna Appliance Software 7.3.0

>Luna Appliance Software 7.2.0

>Luna Appliance Software 7.1.0

>Luna Appliance Software 7.0.0

NOTE   About Luna Appliance Software Version Numbering

Extracted Luna Appliance Software spkg version numbers have the following format: lunasa_update-<Major>.<Minor>.<Patch>-<BuildNumber>.spkg

>Major: Always 7, indicating that it is to be installed on Luna Network HSM 7 and not an older Luna appliance version

>Minor: Updated for significant new functionality features

>Patch: Updated for bug fixes and minor functionality changes

>BuildNumber: Indicates the internal software build that was released. Only one build is released for general availability. The build number is not included in the downloaded software package, but it can be seen in the LunaSH banner and the output of lunash:> hsm show.

Occasionally, a patched version of a generally available Luna Appliance Software version may be released for a specific customer; these customer patches may have the same Major-Minor-Patch number as the generally available release, with a different build number.

Luna Appliance Software Patches

Thales has also released the following patch updates for general availability:

>Re-Image Software 7.7.1 and Firmware 7.3.3 Patch

>Luna Network HSM 7 Reboot Patch


Luna HSM Firmware Releases

The Luna HSM firmware is installed on the Luna HSM adapter/cryptographic-module, either inside a Luna Network HSM 7 appliance or an installed Luna PCIe HSM 7. It controls all cryptographic operations and key storage on the HSM hardware. In the case of Luna Network HSM 7, it is provided in a secure package file (.spkg) along with the appliance software. For Luna PCIe HSM 7, it is provided as a standalone secure update file (.fuf).

The following updates have been released since the introduction of the Luna Network HSM 7:

>Luna HSM Firmware 7.8.7

>Luna HSM Firmware 7.8.4

>Luna HSM Firmware 7.8.2

>Luna HSM Firmware 7.8.1

>Luna HSM Firmware 7.8.0

>Luna HSM Firmware 7.7.2

>Luna HSM Firmware 7.7.1-20

>Luna HSM Firmware 7.7.1

>Luna HSM Firmware 7.7.0

>Luna HSM Firmware 7.4.2

>Luna HSM Firmware 7.4.0

>Luna HSM Firmware 7.3.3

>Luna HSM Firmware 7.3.0

>Luna HSM Firmware 7.2.0

>Luna HSM Firmware 7.1.0

>Luna HSM Firmware 7.0.3

>Luna HSM Firmware 7.0.2

>Luna HSM Firmware 7.0.1

The latest Luna HSM firmware is submitted for certification by various governing bodies, to ensure that your deployment is compliant. These certifications take time, so the most recent recommended certified firmware versions are listed below.

NOTE   About Luna HSM 7 Firmware Version Numbering

Usually, Luna HSM 7 firmware is included with the Luna Appliance Software package. After the firmware is installed, it is visible in the output for lunash:> hsm show in the following format:

   Firmware:                           <Major>.<Minor>.<Patch>

>Major: Always 7, indicating the version of the Luna HSM hardware

>Minor: Updated for significant new functionality features

>Patch: Updated for bug fixes and minor functionality changes

The RC# build number that is visible in firmware update files for Luna PCIe HSM 7 is not visible in LunaSH. Only one build is released for general availability.

Luna HSM Firmware Patches

Thales has also released the following patch updates for general availability:

>Luna HSM Bootloader 1.1.5 Patch

>Luna HSM Firmware 7.7.1-20

FIPS 140-3 Level 3 Certified Luna HSM Firmware Versions

The following Luna HSM firmware versions are FIPS 140-3 Level 3 certified per certificate #4684:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4684

>Luna HSM Firmware 7.8.4 (recommended)

FIPS 140-2 Level 3 Certified Luna HSM Firmware Versions

The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #4090:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090

>Luna HSM Firmware 7.7.1-20

>Luna HSM Firmware 7.7.1

>Luna HSM Firmware 7.7.0

The following Luna HSM firmware versions are FIPS 140-2 Level 3 certified per certificate #3205:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3205

>Luna HSM Firmware 7.3.3

>Luna HSM Firmware 7.0.3

>Luna HSM Firmware 7.0.2

>Luna HSM Firmware 7.0.1

Common Criteria Certified Firmware

The most recent firmware version certified under the Common Criteria standard is Luna HSM Firmware 7.7.1, with Luna HSM Bootloader 1.1.5 Patch. The certificates are posted here:

>https://www.commoncriteriaportal.org/files/epfiles/CC-20-195307.pdf

>CC Certificate -- Thales Luna K7 HSM

eIDAS Certified Firmware

TheLuna HSM Firmware 7.7.0 release is certified under the eIDAS standard and the certificate is posted here:

>https://www.tuv-nederland.nl/assets/files/cerfiticaten/2021/02/eidas-certificate-luna-k7-20-195307-2.pdf


Luna HSM Client Releases

The Luna HSM Client software is installed on any computer that runs applications that use Luna HSM(s). It includes utilities for accessing and configuring HSM partitions, and for performing cryptographic operations. The client includes the Luna Software Development Kit for developing your applications, and the Luna FM Development Kit for developing Functionality Modules. Since the release of Luna HSM Client 10.2.0 (Luna Universal Client), all versions of the client software allow you to manage and access Luna Cloud HSM services alongside your on-premises Luna HSMs. See Updating the Luna HSM Client Software and Luna HSM Client Software Installation for installation instructions, and refer to the OS compatibility for your desired client version below:

>Luna HSM Client 10.7.2

>Luna HSM Client 10.7.1

>Luna HSM Client 10.7.0

>Luna HSM Client 10.6.0

>Luna HSM Client 10.5.1

>Luna HSM Client 10.5.0

>Luna HSM Client 10.4.1

>Luna HSM Client 10.4.0

>Luna HSM Client 10.3.0

>Luna HSM Client 10.2.0

>Luna HSM Client 10.1.0

>Luna HSM Client 7.4.0

>Luna HSM Client 7.3.0

>Luna HSM Client 7.2.0

>Luna HSM Client 7.1.0

>Luna HSM Client 7.0.0

NOTE   About Luna HSM Client Version Numbering

Luna HSM Client version numbers use the format <Major>.<Minor>.<Patch>-<BuildNumber>. This version number is visible in the banner of all client utilities. The version is updated on all utilities in a client release even if no changes have been made to that utility since the previous version.

>Major: Either 7 or 10:

7: Released before Luna Cloud HSM support

10: Includes Luna Cloud HSM support

>Minor: Updated for significant new functionality features

>Patch: Updated for bug fixes and minor functionality changes

>BuildNumber: Indicates the internal software build that was released. Only one build is released for general availability. The build number is visible only in utility banners after client installation.

Luna HSM Client Software Patches

Thales has also released the following patch updates for general availability:

>CMU Patch to Allow Crypto User Login

>Luna HSM Client 7.4.2 Patch


Luna Backup HSM 7 Firmware Releases

The Luna Backup HSM 7 is a full-featured, hand-held, USB-attached backup HSM that includes an informational full-color display. It connects easily to a client workstation or Luna Network HSM 7 using the included USB 3.0 Type C cable, and includes a universal 5V external power supply, which may be required to power the device in some instances.

You can use the Luna Backup HSM 7 to back up your Luna HSM 5.x, 6.x, and 7.x user partitions.

NOTE   The smart card slot located at the bottom front of the unit is reserved for future use and has been disabled in this release.

For detailed usage instructions, see Luna Backup HSM 7.

The Luna Backup HSM 7 is available in the following models. All models can be initialized in multifactor quorum or password-authenticated mode. In-field storage upgrades are not available.

B700 32 MB storage, up to 100 partitions of the same authentication type
B750 128 MB storage, up to 100 partitions of the same authentication type
B790 256 MB storage, up to 100 partitions of the same authentication type

To use the Luna Backup HSM 7, you must upgrade to Luna HSM Client 10.1.0 or newer. Thales has released the following firmware updates for the Luna Backup HSM 7:

>Luna Backup HSM 7 Firmware 7.7.2

>Luna Backup HSM 7 Firmware 7.7.1

>Luna Backup HSM 7 Firmware 7.3.2

FIPS 140-2 Level 3 Certified Luna Backup HSM 7 Firmware Versions

The following Luna Backup HSM 7 firmware versions are FIPS 140-2 Level 3 certified per certificate #4195:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4195

>Luna Backup HSM 7 Firmware 7.7.1 (recommended)


Luna Backup HSM G5 Firmware Releases

The Luna Backup HSM G5 is a USB-attached backup HSM that connects easily to a client workstation orLuna Network HSM 7, and allows you to back up and restore your Luna 5.x, 6.x, and 7.x partitions. Thales has released the following firmware updates for the Luna Backup HSM G5, relative to Luna 7 HSMs.

>Luna Backup HSM G5 Firmware 6.28.0

>Luna Backup HSM G5 Firmware 6.26.0

>Luna Backup HSM G5 Firmware 6.24.7


Luna PED Firmware Releases

The Luna PIN Entry Device (Luna PED) provides PIN entry and secret authentication to a Luna HSM that requires multifactor quorum authentication. Thales has released the following updates to the Luna PED firmware for use with Luna 7 HSMs:

>Luna PED Firmware 2.9.0

>Luna PED Firmware 2.8.0

>Luna PED Firmware 2.7.4

>Luna PED Firmware 2.7.1