Luna HSM Firmware 7.7.2

Luna HSM Firmware 7.7.2 was released in December 2021. It includes bug fixes and updated FIPS 140-3 compliance requirements.

>Download Luna HSM Firmware 7.7.2 for Network HSM

New Features and Enhancements

Luna HSM firmware 7.7.2 includes the following new features and enhancements:

ECIES Hardware Acceleration using Curve25519

Luna HSM firmware 7.7.2 adds enhanced performance for ECIES using Curve25519.

ECIES AES-CTR ICB Derivation

Luna HSM firmware 7.7.2 adds the derivation of the Initial Counter block (ICB) for ECIES AES-CTR encryption scheme to support the 5G 3GPP TS 33.501 standard, for processing of Subscription Concealed Identifier (SUCI) de-concealment requests. See CKM_ECIES.

This feature also requires minimum Luna HSM Client 10.3.0, or Luna HSM Client 10.4.0 for JCPROV.

Key Wrapping/Unwrapping with AES GCM

Luna HSM firmware 7.7.2 supports wrap/unwrap operations using the CKM_AES_GCM mechanism.

Validate Integrity of Functionality Modules

The FMSW_GetImage API call returns a pointer to a Functionality Module image and a pointer to the size of the image, to assist the verification of FMs in compliance with industry and national standards. See FMSW_GetImage API to validate an FM.

Release 7.7.2 Advisory Notes

This section highlights important issues you should be aware of before deploying HSM firmware 7.7.2.

Appliance Software Version 7.7.1 Required for Firmware 7.7.2 Update

The SPKG file containing the Luna HSM firmware 7.7.2 update requires minimum Luna Network HSM Appliance Software 7.7.1. Update your appliance software before installing the firmware package.

Luna Network HSM Appliance BIOS and BMC Firmware Update Patch is a Prerequisite

The Network HSM Appliance BIOS and BMC Firmware Update Patch i is a prerequisite for upgrading to Luna Network HSM appliance software 7.7.1 and newer. If your appliance was already at version 7.7.0, then the patch is already installed. If you are updating from an appliance version earlier than 7.7.0, then the patch must be installed before upgrading to 7.7.1 or newer.

CAUTION!   The Network HSM Appliance BIOS and BMC Firmware Update Patch must be installed over SSH only. Installation over a serial port connection will fail.

RSA Keygen Mechanism Remapping on Luna 7.7.1 or Newer Partitions Requires Minimum Luna HSM Client 10.4.0

Luna HSM Firmware 7.7.1 or newer partitions that have been individually set to FIPS mode using the new partition policy 43 require Luna HSM Client 10.4.0 or newer to automatically remap older RSA mechanisms as described in Mechanism Remap for FIPS Compliance.

Firmware 7.7.2 Valid Update Paths

You can update the Luna HSM firmware to version 7.7.2 from the following previous versions:

>7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.3.3, 7.4.0, 7.4.1, 7.4.2, 7.7.0, 7.7.1