Re-Imaging the Appliance to Baseline Software/Firmware Versions

The Luna Network HSM 7 appliance software update includes two versions: the newest version, and a baseline version that is stored in reserve on the appliance. If you find that the latest software does not suit your organization's purposes, you can re-image the appliance to its factory baseline. This procedure formats the Luna Network HSM 7 file system, zeroizes the HSM, erases the appliance configuration, and resets the software/firmware to the baseline version.

This capability is useful if you are re-purposing an HSM for a project that has standardized on an earlier software/firmware configuration, or if you need to format the appliance completely and remove all traces of its prior configuration (to securely return control of the appliance to a cloud provider, for example).

Appliance re-image also allows you to roll back the appliance software, which was not possible in previous Luna releases.

If you have an older Luna Network HSM 7 that you have updated to Luna Appliance Software 7.3.0 at least once, the baseline consists of:

>Luna Appliance Software 7.2.0

>Luna HSM Firmware 7.0.3

After you re-image the appliance, you can update to whichever software/firmware version you wish. For valid update paths, refer to the Customer Release Notes for the version you wish to install. Download your preferred software/firmware version from the Thales Support Portal (see Support Contacts).

CAUTION!   Re-imaging to an older appliance software version might expose vulnerabilities that were fixed in newer releases.

Appliance re-image formats the Luna Network HSM 7 appliance file system and zeroizes the HSM. All files and settings on the appliance will be destroyed, including:

>All roles, partitions, and cryptographic objects on the HSM (except for partition licenses); the HSM must be re-initialized

>All existing client and remote PED server registrations, as well as the Remote PED Vector (RPV), which should be re-initialized after the re-image in order to proceed remotely

>All appliance built-in roles, including the admin role, return to default passwords and must be given new, secure passwords

>Any custom appliance roles (deleted completely)

>All appliance configuration settings (except for the network configuration)

>All files stored on the appliance, including upgrade packages and audit logs (lunash:> my file list)

After the appliance re-image procedure, only the following information is preserved:

>Network configuration; if you are accessing the appliance remotely via SSH connection, you will not permanently lose contact with the appliance

>Partition licenses purchased via the Thales License Portal, unless you included the -base option (lunash:> sysconf reimage start)

To re-image the appliance to baseline software/firmware versions

1. Ensure that you have backed up all important cryptographic objects, appliance files, and appliance logs. Each user of the appliance (admin, operator, monitor, audit, and any custom users) must back up any important files by using pscp/scp to transfer them off the appliance file system. Ensure that application partitions are not being used by any client before proceeding.

2. Ensure that you have previously initialized the Auditor role and configured audit logging on the HSM. By default, audit logs for critical events are stored in the HSM's on-board memory. These logs are only accessible to the Auditor, and therefore cannot be erased by the re-image procedure. If you have never configured audit logging on the HSM, these logs remain in the HSM memory. If you are re-imaging the appliance for another party (or returning control of the appliance to a cloud provider), the next Auditor could access these logs.

To prevent this, configure audit logging on the HSM before re-imaging the appliance (see Configuring Audit Logging). This procedure will transfer the existing audit logs to the appliance file system, where they can be retrieved and then erased by the re-image process.

If you have not previously configured audit logging, you are prompted with a warning about this when you initiate the re-image process.

3. Ensure that the Luna Network HSM 7 is connected to an uninterruptible power supply.

CAUTION!   Loss of power during the re-image operation may leave the appliance in an unrecoverable state.

4. Log in to LunaSH as admin, and then log in to the HSM as HSM SO.

lunash:> hsm login

5. Re-image the appliance to the baseline version.

lunash:> sysconf reimage start

CAUTION!   The operation takes 15-20 minutes, and the appliance reboots twice. Do not manually reboot the appliance, tamper/decommission the HSM, or otherwise interrupt the operation during this time.

lunash:>sysconf reimage start

   The HSM Administrator is logged in. Proceeding...

   To remove audit logs from the HSM, you must configure the Audit Logs feature.
   If you do not configure Audit Logs before re-imaging, the existing audit log history will be retained in the HSM.

   Type 'proceed' to continue the re-imaging process without configuring Audit Logs, or 'quit' to cancel.
   > proceed
   Proceeding...

   WARNING: This operation will revert the Luna Network HSM to the baseline of software 7.2.0-220 with firmware 7.0.3 !!!

         (1) This is a destructive operation that erases all partitions and key material.
         (2) Ensure that you have a valid backup of all your partitions.
         (3) After completion, you must re-initialize the HSM.
         (4) After completion, remote PED must be re-connected.
         (5) This operation takes 15-20 minutes. Make sure you have power backup in place.
         (6) Access to the appliance will be unavailable. DO NOT restart the appliance during this time.
         (7) The operation erases all appliance logs.
         (8) The re-imaging operation will generate additional audit logs in the HSM.
         (9) The re-imaging procedure includes multiple appliance reboot.
         (10) This operation CANNOT be undone.

   Type 'proceed' to continue, or 'quit' to quit now.
   > proceed
   Proceeding...

   Step 1 of 7: Backing up the appliance support information
   ...
   Done
   Step 2 of 7: Setting up the environment for the Appliance Re-image.
   ...
   Done
   Step 3 of 7: Extracting the packages
   ...
   This step may take a few minutes... \
   Done
   Step 4 of 7: Preparing the Luna Network HSM baseline installation scripts
   ...
   Done
   Step 5 of 7: Updating to the Luna Network HSM baseline firmware
   ...
   Done
   Step 6 of 7: Installing Luna Network HSM Base licenses
   ...
   This step may take a few minutes... \
   Done
   Step 7 of 7: Factory reset Luna Network HSM
   ...
   The Luna Network HSM with baseline firmware version has been factory reset.
   Done

The Luna Network HSM  will restart multiple times to complete the baseline installation.
This process could take 15-20 minutes.
Please wait for the operation to complete as interrupting the process could have adverse effects.

During the re-image operation, the following messages appear on the front-panel LCD display to help track the progress:

          

6. When the process is complete, log in as admin via SSH, using the default password PASSWORD, and set up the appliance as if it were new.

7. [Optional] The admin user can view a summary file of the re-image operation and initial startup. Use pscp/scp to transfer the file to a client workstation.

lunash:> my file list

lunash:>my file list

     4134 Jun 19 13:27 firstboot.log

Command Result : 0 (Success)
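
As an added example (not Thales code and not part of LunaSH): a Python check, run on a client workstation, over a saved capture of the `sysconf reimage start` session in the output format shown in step 5. It reports whether the audit-log warning appeared, which baseline was announced, and which numbered steps reached `Done`; the function name and the abridged sample capture are constructed for illustration.

```python
import re

# Constructed sample: an abridged capture in the format shown in step 5,
# deliberately cut off during step 3 to show how an incomplete run is reported.
SAMPLE = """\
lunash:>sysconf reimage start
   If you do not configure Audit Logs before re-imaging, the existing audit log history will be retained in the HSM.
   > proceed
   WARNING: This operation will revert the Luna Network HSM to the baseline of software 7.2.0-220 with firmware 7.0.3 !!!
   > proceed
   Step 1 of 7: Backing up the appliance support information
   ...
   Done
   Step 2 of 7: Setting up the environment for the Appliance Re-image.
   ...
   Done
   Step 3 of 7: Extracting the packages
   ...
"""

STEP_RE = re.compile(r"^\s*Step (\d+) of (\d+): (.+?)\s*$")
BASELINE_RE = re.compile(r"baseline of software (\S+) with firmware (\S+)")
AUDIT_WARNING = "existing audit log history will be retained in the HSM"

def review_reimage_transcript(text):
    """Summarize a captured re-image session for the change record."""
    report = {"audit_warning_shown": AUDIT_WARNING in text,  # HSM audit history kept
              "baseline": None, "total_steps": None, "done": [], "incomplete": []}
    m = BASELINE_RE.search(text)
    if m:
        report["baseline"] = (m.group(1), m.group(2))  # (software, firmware)
    current = None  # step number that has started but not yet printed "Done"
    for line in text.splitlines():
        s = STEP_RE.match(line)
        if s:
            if current is not None:  # a new step began before the last finished
                report["incomplete"].append(current)
            current, report["total_steps"] = int(s.group(1)), int(s.group(2))
        elif line.strip() == "Done" and current is not None:
            report["done"].append(current)
            current = None
    if current is not None:  # capture ended in the middle of a step
        report["incomplete"].append(current)
    total = report["total_steps"]
    report["complete"] = total is not None and report["done"] == list(range(1, total + 1))
    return report

if __name__ == "__main__":
    print(review_reimage_transcript(SAMPLE))
```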

Troubleshooting

If the re-image operation fails before the appliance reboots, retrieve the re-image log.

lunash:> sysconf reimage tarlog

lunash:>sysconf reimage tarlog

'hsm reimage tarlogs' successful

Use 'scp' from a client machine to get file named:
Baseline_Re_image_logs.20180614_14.40.40.tar.gz

Command Result : 0 (Success)

The log file now appears in the admin user's files on the appliance (lunash:> my file list). Use pscp/scp to transfer it to a client workstation. Thales Customer Support may request this log to help assess the issue.

NOTE   The Appliance Re-image feature is not supported on HSMs that use Functionality Modules. If you have ever enabled HSM policy 50: Allow Functionality Modules, even if the policy is currently disabled, you cannot re-image the HSM appliance. See FM Deployment Constraints for details.