Luna HSM Firmware 7.7.1

Luna HSM firmware 7.7.1 was released in April 2021 for Luna Network HSM only. It was included in the secure package update for Luna Network HSM appliances (see Luna Network HSM Appliance Software 7.7.1). It includes bug fixes and updated FIPS compliance requirements, and is the FIPS-validated firmware version recommended by Thales.

>Download Luna Network HSM Appliance Software 7.7.1 (includes firmware update to Luna HSM Firmware 7.7.1)

Refer to NIST certificate #4090 for FIPS 140-2 Level 3 certification:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090

New Features and Enhancements

Luna HSM firmware 7.7.1 includes the following new features and enhancements:

Set FIPS Mode by Application Partition

Application partitions on HSMs using Luna HSM firmware 7.7.1 can set FIPS mode independently of other partitions on the same HSM, using the new partition policy 43: Allow Non-FIPS Algorithms. With HSM policy 12 set to ON, FIPS mode is still enforced on all partitions on the HSM.

Refer to HSM Capabilities and Policies and Partition Capabilities and Policies.

Release 7.7.1 Advisory Notes

This section highlights important issues you should be aware of before deploying HSM firmware 7.7.1.

Luna Network HSM Appliance BIOS and BMC Firmware Update Patch is a Prerequisite

The Network HSM Appliance BIOS and BMC Firmware Update Patch i is a prerequisite for upgrading to Luna Network HSM appliance software 7.7.1 and newer. If your appliance was already at version 7.7.0, then the patch is already installed. If you are updating from an appliance version earlier than 7.7.0, then the patch must be installed before upgrading to 7.7.1 or newer.

CAUTION!   The Network HSM Appliance BIOS and BMC Firmware Update Patch must be installed over SSH only. Installation over a serial port connection will fail.

RSA Keygen Mechanism Remapping on Luna 7.7.1 or Newer Partitions Requires Minimum Luna HSM Client 10.4.0

Luna HSM Firmware 7.7.1 or newer partitions that have been individually set to FIPS mode using the new partition policy 43 require Luna HSM Client 10.4.0 or newer to automatically remap older RSA mechanisms as described in Mechanism Remap for FIPS Compliance.

Firmware 7.7.1 Valid Update Paths

You can update the Luna HSM firmware to version 7.7.1 from the following previous versions:

>7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.3.3, 7.4.0, 7.4.1, 7.4.2, 7.7.0