Thales Data Protection on Demand 

https://thalesdocs.com/dpod/support/changelog/index.html

Floating IP for Luna Cloud HSM Datacenters

Starting in January 2024, Luna Cloud HSM Datacenters will be configured with a floating IP address. Users should be aware that any client configuration that relies on a static IP address configuration will no longer operate once this change is made. Please consult the Client Network Connectivity Documentation for information about configuring your client environment. Thales does not recommend using any static IP filtering when accessing the service. Should your configuration require the use of static IP address filtering, please contact Thales Customer Support for more information.

Removed Service Provider Tenant Usage Report and Associated Endpoints

The Service Provider Tenant Usage Report and the associated tenants/usageReport, tenants/usageDetails, and service_instances/usageDetails endpoints have been removed from the platform.

As an alternative use the Service Report in the DPoD service provider tenant or the /v1/service_instances/usageBillingReport endpoint, and the  /v1/backoffice/serviceAgreements{tenantId} endpoint to compile tenant usage information.

The Support Tool Has Been Upgraded

An issue was found with the Luna Cloud HSM Support Tool version 1.0.0 where incorrect data was reported for datacentre connectivity in some cases. 

This issue has been fixed with the Luna Cloud HSM Support Tool version 1.0.2.

Luna Cloud HSM Support Tool version 1.0.2 addresses the following bug: 

  • LCH-1498 - Support Tool reports incorrect info due to AuthN Changes.

Luna Cloud HSM Releases FW 2.0.2 Upgrade

FW 2.0.2 has been released to all production environments. This release resolves an issue that prevented cloning objects between two Luna Cloud HSM partitions when using the 10.5 client.

The new firmware versions based on region and FIPS mode are as follows: 

  • NA FIPS - 2.0.2
  • NA non-FIPS - 2.0.2
  • EU FIPS - 2.0.2
  • EU non-FIPS - 2.0.2

FW 2.0.2 includes the following bug fixes:

  • LCH-489 - CPv4 Cloning command permissions incorrect for pre-FW-2.0 partitions.
  • DPS-10104 - Luna Cloud HSM Partition Cloning Fails with the 10.5 Client

    Cloning keys between two Luna Cloud HSM partitions fails when using the 10.5 client. There are currently two possible workaround scenarios.
    -> Workaround #1 - If there is a Luna SA7 (or any other separate device to use as an intermediary for the cloning) then clone to and from that device.

    -> Workaround #2 - If there is no separate device then completely uninstall the 10.5 client and install the 10.4 client from scratch. For this option please raise a support ticket to the Thales Customer Support portal to request to join the 2 partitions together as the 10.4 client does not support dynamic partition loading.


Luna Cloud HSM Partition Cloning Fails with the 10.5 Client

Bugs Found 

  • DPS-10104 - Luna Cloud HSM Partition Cloning Fails with the 10.5 Client
    Cloning keys between two Luna Cloud HSM partitions fails when using the 10.5 client. There are currently two possible workaround scenarios.
    -> Workaround #1 - If there is a Luna SA7 (or any other separate device to use as an intermediary for the cloning) then clone to and from that device.
    -> Workaround #2 - If there is no separate device then completely uninstall the 10.5 client and install the 10.4 client from scratch. For this option please raise a support ticket to the Thales Customer Support portal to request to join the 2 partitions together as the 10.4 client does not support dynamic partition loading.
    You can make the request by following this link:
    https://thalesdocs.com/dpod/resources/client_resources/client_connect_to_multiple_services/index.html

Updated Luna Cloud HSM Service Firmware Versions in NA and EU

FW 2.0 has now been FIPS approved. 

The NIST Certificate verifying that FW 2.0 is now FIPS approved can be found in this Cryptographic Module Validation Program link.

The firmware versions for Luna Cloud HSM Services operating in FIPS and non-FIPS NA and EU environments have been updated. The new firmware versions based on region and FIPS mode are as follows:

  • NA FIPS - 2.0
  • NA non-FIPS - 2.0.1
  • EU FIPS - 2.0
  • EU non-FIPS - 2.0.1 

In addition to the new releases, FW 2.0.1 also includes the following bug fixes:

  • LGX-4120 - Ed25519 was failing with CKR_ECC_UNKNOWN_CURVE. Ed25519 no longer fails with CKR_ECC_UNKNOWN_CURVE.
  • LKX-9788 - The DES3-CBC unwrapping mechanism was failing. DES3-CBC no longer fails during unwrapping.

Updated Luna Cloud HSM Service Firmware Versions to Support Universal Cloning in NA and EU Non-FIPS Mode

The firmware versions for Luna Cloud HSM Services operating in NA and EU non-FIPS environments have been updated. The current firmware version based on region and FIPS mode are as follows:

  • NA FIPS - 1.5
  • NA non-FIPS - 2.0
  • EU FIPS - 1.5
  • EU non-FIPS - 2.0 

Universal Cloning

Universal Cloning (CPv4) is now a supported feature when combining UC 10.5.0 and Firmware 2.0. Universal Cloning can be used for key migration to any trusted Thales HSMs that also support the Universal Cloning protocol.

In order to use the Universal Cloning feature, the following must be true:

  • you have a Luna Client at version UC 10.5.0 or newer
  • you have Firmware at version 2.0 or newer
  • the source partition's security policy allows cloning of private and secret keys

NOTE: You can only clone between initialized partitions, and they must have the same cloning domain (secret), which is provided at the time of initialization.

More info can be found here: Universal Cloning.

Mutex Error Message When Using CKLog Fixed in UC 10.5

In UC 10.4, a bug was found when using CKLog in Linux with a Luna Cloud HSM client package. The output was spammed with "LunaNamedSystemMutex: open() failed: No such file or directory".

In the UC 10.5 client, the new mutex folder will use the /lock directory which solves this issue.

Show Previous EntriesShow Previous Entries