Go to content

Firmware update

Updating the firmware is an important part of the HSM's security; new versions are released frequently and it is recommended that the HSM is updated to the latest version whenever there is a change in the operation of the modules used, security, performance or problem correction.

You can follow releases and release notes via email notifications, see Firmware for more information.

The ST, XP and CD HSMs share the same firmware update file, called upack. It can be downloaded from the Downloads page.

Requirements

Info

Firmware versions prior to 5x do not have the HTTP console and it is necessary to use the CLI console (hsmcon) to update.

If you're on an older firmware version, go straight to the command line script.

  1. Physical access to the HSMs with the smart cards and PIN for each one.
  2. Keyboard and monitor.
  3. A workstation with connectivity via port 443 (if using HTTP console) or TCP 4433 (if using CLI console) to the HSM.
  4. HSM client software installed on the workstation (see Downloads), if the current firmware version does not have the HTTP console.
  5. Upack file downloaded.
  6. HSM service started.

Sending the upack (via HTTP console)

  1. To start the update, you need to connect to the HSM using the HTTP console (more details in the topic HTTP console). To do this, simply connect to the HSM IP in https using a browser (example: https://192.168.1.100).

    Login screen
    Login screen

    If you see a screen like the one below, just click next and then continue.

    Error screen
    Error screen

  2. Once connected, check the current version of the firmware and loaded modules by going to System Information.

    System information
    System information

  3. Use the menu on the left and click on Firmware update.

    Error screen
    Error screen

  4. Drag the upack file to the designated area on the page or click to select and then click the Click here to send button.

    You can confirm that the upack has been sent by the green success notification in the top right-hand corner, or by clicking on the bell icon to see the notifications.

    Error screen
    Error screen

  5. Continue the process with HSM Local Reboot.

Sending the upack (via CLI console)

In cases where the HTTP console is not available, you can use the CLI console (hsmcon) to update.

Open a terminal (prompt/shell), type hsmcon to run the program and connect to the HSM.

On the main screen, type in the Firmware Update item number and press ENTER.

Dinamo - Remote Management Console v. 4.7.12.0 2018 (c) Dinamo Networks

HSM 192.168.1.152 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

Main Menu

Keys/Objects Users HSM

 1 - Create...            17 - Create 33 - Info
 2 - Remove 18 - Remove 34 - Logs...
 3 - Attributes 19 - List 35 - Backup...
 4 - Import...            20 - Attributes 36 - Monitoring...
 5 - Export...            21 - Trust Relations 37 - Firmware update
 6 - List 22 - Password Policy 38 - Replication...
 7 - Permissions...       23 - My Password 39 - SPB...
 8 - Backup 40 - EFT...
 9 - Restore 41 - IP Filter...
                                                       42 - Tests...
                                                       43 - Dinamo Services...
                                                       44 - Tools...




 0 - Exit

Option: 37

Key y e ENTER on the next screen:

Dinamo - Remote Management Console v. 4.7.12.0 2018 (c) Dinamo Networks

HSM 192.168.1.152 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

HSM - Firmware update

*******************************************************************************
* *
* Warning *
* *
* Firmware update is a critical operation for the correct and safe *
* operation of the HSM. In case of doubt consult the technical support of *
* of your vendor.                               *
* *
*******************************************************************************

Continue updating firmware (y/[n]):

On the next screen hsmcon will ask for the file path upack.

Dinamo - Remote Management Console v. 4.7.12.0 2018 (c) Dinamo Networks

HSM 192.168.1.152 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

HSM - Firmware update

*******************************************************************************
* *
* Warning *
* *
* Firmware update is a critical operation for the correct and safe *
* operation of the HSM. In case of doubt consult the technical support of *
* of your vendor.                               *
* *
*******************************************************************************

Continue updating firmware (y/[n]): y
Local file to read upack: d:/dinamo/hsm_dinamo-firmware_upgrade-v_5.0.23.0.upack

Check the description of the upack that the file sent was the correct one, press y e ENTER:

Dinamo - Remote Management Console v. 4.7.12.0 2018 (c) Dinamo Networks

HSM 192.168.1.152 e - Engine 5.0.22.0 (DXP) - TCA0000000 - ID master

HSM - Firmware update

*******************************************************************************
* *
* Warning *
* *
* Firmware update is a critical operation for the correct and safe *
* operation of the HSM. In case of doubt consult the technical support of *
* of your vendor.                               *
* *
*******************************************************************************

Continue updating firmware (y/[n]): y
Local file to read upack: d:/dinamo/hsm_dinamo-firmware_upgrade-v_5.0.23.0.upack

Upack size: 72355387 bytes
Upack description: 'Dinamo HSM, full firmware upgrade to version 5.0.23.0'.
Confirm sending upack to HSM (y/[n]): y

Upack successfully sent. This upack will be processed by the HSM in the next restart.


Press ENTER key to continue.

HSM local reboot

  1. After sending the upack, you need to start a reboot. Using a monitor and keyboard, authenticate with the cards on the local console.

  2. It is possible before the reboot check the upack pending by pressing the F6 on the home screen.

    Screen with _upack_ hanging
    Pendant upack screen

  3. On the start screen, choose the reboot option and press ENTER.

    Local console home screen
    Local console home screen

  4. Choose Yes and press ENTER.

    Reboot confirmation
    Reboot confirmation

  5. If you see a message indicating that users are still connected, just wait.

    Waiting to close user connections
    Waiting to close user connections

  6. When an update confirmation message appears, select Yes and press ENTER.

    Update confirmation
    Update confirmation

  7. On the start screen, proceed to start the HSM service.

Update check

  1. The first check can be done locally on the workstation by looking at the version on the about screen.

    Update check
    Update check

  2. A second check can be made in the HTTP console, to do this simply connect to the HSM IP in https using a browser (example: https://192.168.1.100).

  3. Once connected, click on system information to see the firmware version. By clicking on the arrow you can also see the version of the modules that have been loaded.

    Update check
    Update check