Back to articles
Back to Index

Posted on 27 June 2025 by in Luna HSM

 

Luna HSM Firmware v7.9 Release: NIST-Approved PQC Algorithms Now Built-In 

Luna HSM firmware v7.9 release brings production-ready, NIST-approved PQC algorithms directly into the core of Luna HSMs. This release helps customers and partners to develop stable, standards-aligned solutions and seamlessly integrate quantum-safe cryptography into their systems and infrastructure, protecting critical applications, identities, transactions and sensitive data. This release ensures long-term protection against emerging quantum threats, including Harvest-Now, Decrypt-Later (HNDL) attacks. 

What’s New: 

  • ML-KEM (FIPS 203) and ML-DSA (FIPS 204) now in the core Luna HSM firmware (eliminates the need for functionality modules). 
  • Addresses vulnerabilities related to Harvest Now, Decrypt Later (HNDL) attacks, enhancing security for critical applications such as TLS/SSL and key exchange. 
  • Hybrid PQC encryption reinforces security for high availability (HA) key synchronization and backup/restore processes, protecting data integrity and confidentiality. 
  • Members within a high availability group now benefit from additional protection through hybrid ciphers, ensuring that key synchronization and operational backups are secure. 

Tested & Proven in Real-World Environments: For those planning their PQC transition, this release offers a production-ready, standards-based and certified solution – a critical step beyond experimental implementation.  We also would like to thank our Thales Luna HSM Technology partners and select Luna HSM customers for their valuable contributions in testing and validating this firmware across their PKI platforms and applications, confirming it’s ready for use in real-world HSM use cases like TLS/SSL, IoT, code signing, digital signatures, database encryption and more. 

Downloads and Documentation  

For full release details, visit the Customer Release Notes on Thales Docs.    

For downloads, visit the Thales Customer Support Portal using the following Knowledge Base articles for reference:    

Luna Network HSM 7 – Firmware 7.9.0  KB0029641 
Luna PCIe HSM 7 – Firmware 7.9.0  KB0029642 
Luna HSM Client 10.9.0 for Windows  KB0029645 
Luna HSM Client 10.9.0 for Linux  KB0029646 
Luna HSM Client 10.9.0 for AIX  KB0029647 
Minimal Luna HSM Client 10.9.0 for Linux  KB0029648 
Minimal Luna HSM Client 10.9.0 for ARM64 KB0029649 

Note: PQC for BIOS and firmware signing using LMS/HSS for critical code signing use cases were already made available in a previous release this year.  

Questions? Please contact your Thales representative.