Skip to main content

Primus HSM - Firmware Update

Securosys continously releases new features, bug fixes, and security improvements for the Primus HSM firmware. To keep your Primus HSM up-to-date and secure, firmware updates should be installed regularly, subject to your organization's policies.

Firmware update requires SO activation (or Genesis role in factory default state). Primus HSMs come preinstalled with a certain firmware version. It is often beneficial to update the firmware of the HSM before fully setting it up, to take full advantage of new features.

There are multiple release branches, such as Long-Term Support (LTS) branches and branches that have been certified. At a certain point, old release branches are no longer supported, and will no longer receive updates. For details, see the firmware download and the Product Lifecycle Policy.

Firmware Update Requirement

Firmware updates require a valid Maintenance & Support (M&S) contract and may be restricted based on the license type.

How to Update the Firmware

Download the latest firmware from the Support Portal. Select the correct firmware and release branch for your device. Before updating, consult the firmware release notes.

Loading the firmware package onto the Primus HSM can be done either using a USB device or by using WebDAV storage (if configured). Firmware packages are signed, and will be verified by the Primus HSM before installation to ensure authenticity.

If you have multiple HSM clusters (e.g. production and testing), start by upgrading the testing cluster. Only update the production cluster after you have verified that your applications are compatible with the new firmware version.

The high-level steps for updating an HSM cluster are:

  1. Prepare the material (firmware file, Genesis role, min. Security Officers, license file)
  2. Take a backup of all devices
  3. Update the license on all devices (if required)
  4. Update a Clone device
  5. Update the Master device
  6. Update any remaining Clones
  7. Update the license again (required if licensed features are unsupported by the previous firmware version)

See Section 7.2 "Firmware Update" in the Primus HSM User Guide for a best practice step-by-step guide for a HA cluster update.

Firmware Rollback

After an update, the previous firmware version is retained on your device. This allows the HSM to return to a previous firmware version. The SO can perform a rollback without providing the previous firmware on a USB storage device.

Get started withCloudHSM for free.
Other questions?Ask Sales.
Last updated on
Feedback
Need help?