Tektronix 5 Series MSO Low Profile (MSO58LP) with Option 5-SEC Declassification and Security Instructions

xx

5SeriesMSOLowProfile (MSO58LP)
With Option 5-SEC Enhanced Security

ZZZ

Declassification and Security

Instructions

Revision A: 20181011

www.tektronix.com

*P077140701*

077-1407-01

Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by
national copyright laws and international treaty provisions.

Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published
material. Specifications and price change privileges reserved.

TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.

TekSecure is a trademark of Tektronix; Inc.

Contacting Tektronix

Tektronix, Inc.
14150 SW Karl Braun Drive
P.O. B o x 5 0 0
Beaverton, OR 97077
USA

For product information, sales, service, and technical support:

In North America, call 1-800-833-9200.
Worldwide, visit www.tek.com to find contacts in your area.

Table of Contents

Preface ............................. .................................. ................................ ............................................................... iii

Supported products ........................................................................................................................................... iii

About option 5-SEC......................................................................................................................................... . iv

Terms................................................................................................................................................ ............ v

Memory device clear and sanitize procedures................................................................................................................... 1

Nonvolatile, volatile memory device table terminology. . ..... . ..... . ... . . ..... . ..... . ... . . . .... . ..... . ..... . ..... ..... . ..... . ..... . ...................... 1

Memory devices ......................... .................................. ................................ .................................................... 2

Media and data export devices ............................................................................................................................... 6

Resetting the instrument CMOS ............................................................................................................................. 7

Resetting the instrument clock ... ................................ .................................. .......................................................... 8

How to clear or sanitize a working instrument .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ............................ 10

Clear the Network Configuration password............................... ................................ .................................. ...............10

Clear the network DNS Hostname and description ....................................................................................................... 10

Clear Ethernet port settings........... ................................ .................................. ..................................................... 11

Delete USB port and software update password .......................................................................................................... 11

The Clear/Sanitize process is done ......................................................................................................................... 12

How to sanitize a nonfunctional instrument . .... . ..... . ..... . ..... . ..... ..... . ..... . ..... . ..... . ... . . . .... . ..... . ..... . ..... . ..... . ............................ 13

Repair charges.............................................................................................................................................. ... 15

MSO58LP with Option 5-SEC Declassification and Security Instructions i

Table of Contents

ii MSO58LP with Option 5-SEC Declassification and Security Instructions

Preface

This document helps customers with data security concerns to clear or sanitize a 5 Series MSO Low Profile MSO58LP
instrument that has factory option 5-SEC installed.

The instrument has data storage devices (memory and a removable mass storage drive) and data export interfaces (USB and
Ethernet). These instructions describe how to clear or sanitize the memory devices and disable the data output interfaces.
The instructions also describe how to sanitize an instrument that is not functioning.

Reference

Supported products

The procedures in this document are written to meet the requirements specified in:

National Industrial Security Program Operating Manual (NISPOM), DoD 5220.22–M, Chapter 8

Defense Security Service Manual for the Certification and Accreditation of Classified Systems under the NISPOM

These instructions cover the following instrument:

MSO58LP with factory installed option 5-SEC

NOTE.

Option 5-SEC must be ordered at the same time that you order an instrument.

MSO58LP with Option 5-SEC Declassification and Security Instructions iii

Preface

About option 5-SEC

NOTE.

Option 5-SEC provides the highest level of instrument security for 5 Series MSO products. Option 5-SEC features include:

Option 5-SEC must be ordered at the same time you order an instrument.

Oscilloscope hardware is configured to easily declassify the oscilloscope:

The main system memory is easily removed without disassembling the instrument

Data can only be saved to or read from a USB port on the instrument, a mounted network drive, or through the

programmatic interface

Password protection to enable/disable external USB Host and Device ports

Password protection to enable/disable firmware upgrades or downgrades

PasswordprotectiontopreventBIOSmodification and booting from USB flash devices.

iv MSO58LP with Option 5-SEC Declassification and Security Instructions

Terms

Preface

The following terms may be used in this document:

Clear.

deny access to previously stored information by standard means of access.

Erase.

Media.

drive or USB port.

Sanitize.

This is typically used when the device is moved (temporarily or permanently) from a secured area to a nonsecured area.

Scrub.

Remove.

are available in the product service manual.

User-Accessible.

User-Modifiable.

instrument user interface or remote control.

Volatile memory.

Nonvolatile memory.

Power off.

data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must either
push a rear-panel OFF switch or remove the power source from the instrument.

This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to

This is equivalent to clear.

Storage/data export device. A device that stores or exports data from the instrument, such as a USB flash

This removes the data from media/memory so that the data cannot be recovered using any known technology.

This is equivalent to sanitize.

This is a physical means to clear the data by removing the memory device from the instrument. Instructions

The user can directly retrieve the memory device contents.

The memory device can be written to by the user during normal instrument operation, using the

Memory that loses data when the instrument is powered off.

Memory that retains data when the instrument is powered off.

Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For clearing

Instrument Declassification.

removed from a secure environment. Declassification procedures include memory sanitization, memory removal,
and sometimes both.

MSO58LP with Option 5-SEC Declassification and Security Instructions v

A term that refers to procedures that must be undertaken b efore an instrument can be

Preface

vi MSO58LP with Option 5-SEC Declassification and Security Instructions

Memory device clear and sanitize procedures

Nonvolatile, volatile memory device table terminology

The tables in this section use the following terms:

User data

information representing signals connected to the instrument by users.

User settings

changed by the user.

Both.

stored in the device.

None.

stored in the device.

Directly.

Indirectly.

the user cannot modify the data.

. Describes the type of information stored in the device. Refers to waveforms or other measurement

. Describes the type of information stored in the device. Refers to instrument settings that can be

Describes the type of information stored in the device. It means that both user data and user settings are

Describes the type of information stored in the device. It means that neither user data or user settings are

Describes how data is modified. It means that the user can modify the data.

Describes how data is modified. It means that the instrument system resources modify the data and that

MSO58LP with Option 5-SEC Declassification and Security Instructions 1

Memory device clear and sanitize procedures

Memory devices

The following tables list the volatile and nonvolatile memory devices in the instrument.

Table1: Volatilememorydevices

Typ e and
minimum size Function

SDRAM ≥16 GB
(All models)

SDRAM ≥4GB

SDRAM
≥512 MB

CMOS RAM
≥256 Bytes

Host processor
memory

Holds active
acquisition data

Holds video graphics
data

Holds clock and BIOS
configuration data

Type of user
info stored

User data or
user setting

User data No Indirectly Application

User data No Indirectly Application

None Yes Indirectly

Backed-up
by battery

No Indirectly Written by

Method of
modification

Data input
method Location

processor
system

software
operations

software
operations

BIOS
operations

Module socket
(SODIMM)
on the carrier
interface
assembly

Module socket
(SODIMM)
on the carrier
interface
assembly

Acquisition
board

Carrier interface
assembly

User
accessible To clear To sanitize

No Unplug the instrument

No Unplug the instrument

No Unplug the instrument

Yes

for at least 30 seconds

for at least 30 seconds

for at least 30 seconds

Push the CMOS clear
button on the bottom
of the instrument
for a minimum of
30 seconds. (See

Resetting the

page 7,

instrument CMOS

.)

Unplug the instrument
for at least 30 seconds

Unplug the instrument
for at least 30 seconds

Unplug the instrument
for at least 30 seconds

Push the CMOS clear
buttononthebottom
of the instrument
for a minimum of
30 seconds. (See

Resetting the

page 7,

instrument CMOS

.)

2 MSO58LP with Option 5-SEC Declassification and Security Instructions

Table 2: Nonvolatile memory devices

Memory device clear and sanitize procedures

Type and minimum size Function

Linux Solid State Drive Card
≥80 GB

EEPROM

1

≥2Kbit

EEPROM

1

≥2Kbit

EEPROM

1

≥64 Kbit

EEPROM

1

≥1Kb
Four to six pieces depending
on model

Host instrument Linux
operating system,
application software

Stores factory data,
maintenance data, user
password

Holds AFG calibration
data, USB port access
password

Holds the front panel
USB configuration

Holds the SODIMM
memory configuration
data (SPD)

Type of user
info stored

None Indirect Written by

Port access
password

Ethernet IP
settings

None Indirect Factory

None None Factory

None None Factory

Method of
modification

Directly
settable from
UI or by using
PI commands

Data input
method Location

processor
system,
software
operations

UI, Factory
operations and
programmatic
commands

operations

operations

operations

Socket
(m.2) on
the carrier
interface
assembly

Acquisition
board

AFG riser
board

Front panel
LED board

Module
socket
(SODIMM)
on the
carrier
interface
assembly
and module
socket
(SODIMM)
on
acquisition
board

User
accessible To clear To sanitize

Yes

Yes

No Not applicable, does

No Not applicable, does

No Not applicable, does

(See page 10,

to clear or sanitize a
working instrument

(See page 10,

to clear or sanitize a
working instrument

not contain user
data or settings.
Clearing would
disable instrument
functionality.

not contain user
data or settings.
Clearing would
disable instrument
functionality.

not contain user
data or settings.
Clearing would
disable instrument
functionality.

How

How

(See page 10,

clear or sanitize a working
instrument

.)

(See page 10,

clear or sanitize a working
instrument

.)

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

How to

.)

How to

.)

MSO58LP with Option 5-SEC Declassification and Security Instructions 3

Memory device clear and sanitize procedures

Type and minimum size Function

Flash Memory

1

≥16 Mbit
Two pieces

Flash Memory
≥128 Mbit

Flash Memory
Unspecified size, three pieces

Flash Memory
≥32 KB

1

1

Holds a part of the
Acquisition FPGA
configuration

Stores processor
BIOS firmware, BIOS
configuration, and
embedded controller
firmware. The Ethernet
MAC address is stored in
this device.

Stores power supply
configuration data

Stores power
management controller
firmware

Type of user
info stored

None Indirect Application

None Indirect

None Indirect Application

None Indirect Application

Method of
modification

Data input
method Location

software
operations

BIOS
operations,
operating
system
operations
and factory
operations

software
operations

software
operations

Acquisition
board

Processor
module
board

Internal
to the
UCD9248
power
supply
controller
on the
acquisition
board and
carrier
interface
assembly

Internal
to the
MC9S08 micro
controller
on the
acquisition
board

User
accessible To clear To sanitize

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

4 MSO58LP with Option 5-SEC Declassification and Security Instructions

Memory device clear and sanitize procedures

Type of user

Type and minimum size Function

Flash Memory

1

≥64 KB
Two to four pieces depending
on model

Flash Memory
≥0.33 Mbit

1

1

The size of memory devices may increase during the product life cycle.

Stores analog board
microcontroller firmware

Stores the processor
carrier FPGA
configuration

info stored

None Indirect Application

None None Factory

Method of
modification

Data input
method Location

software
operations

operations

Internal
to the
MKL14 micro
controller on
the analog
board

Internal
to the
LCMXO2
FPGA on
the carrier
interface
assembly

User
accessible To clear To sanitize

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

No Not applicable, does

not contain user
data or settings.
Clearing would
disable instrument
functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.

MSO58LP with Option 5-SEC Declassification and Security Instructions 5

Memory device clear and sanitize procedures

Media and data export devices

The following table lists the data export devices in the instrument.

Table 3: Media and data export devices

Type Function

USB Host ports User storage and recall of

reference waveforms, screen
images, and instrument
setups, and installation of
firmware updates using
removable USB flash drives

USB Device port

Ethernet

Remote control and data
transfer to a PC

Transfer data and remote
control of instrument.

Method of
modification

Directly User writeable

Directly Remote control

Directly Remote control

Data input
method Location User accessible To disable

using USBTMC

using LXI, VISA,
or Socket Server

Three USB Host
ports on front of
the instrument;
four USB Host
ports on the back
of the instrument

USB Device port
on back of the
instrument

Ethernet port on
back of instrument

Yes

Yes

Yes The Ethernet LAN port cannot be

Use the
to disable all USB ports (Host and
Device). Requires a password
(user-created when first disabled)

Use the
to disable all USB ports (Host and
Device). Requires a password
(user-created when first disabled)

disabled.

Utility > Security

Utility > Security

menu

menu

6 MSO58LP with Option 5-SEC Declassification and Security Instructions

Resetting the instrument CMOS

Do the following steps to reset the instrument CMOS device:

1.

Disconnect the instrument power cord.

2.

Disconnect all probes and cables.

3.

Turn the instrument over so the bottom faces up.

4.

Using a small, nonsharp tool, push and hold the indented CMOS reset button for 30 seconds.

Memory device clear and sanitize procedures

5.

Turn the instrument over.

6.

Set the instrument clock. (See page 8, Resetting the instrument clock.)

MSO58LP with Option 5-SEC Declassification and Security Instructions 7

Memory device clear and sanitize procedures

Resetting the instrument clock

Do the following steps to reset the instrument clock in case the instrument date and time are incorrect, or after a CMOS reset:

1.

Connect a keyboard and monitor to the instrument.

2.

Power on the instrument.

3.

While the instrument is powering on, continuously press theF2or

4.

Enter the password (yours or the default password). If you are logging in for the first time, the factory installed
password is
password in accordance with your organization’s policies.

WARNING.

way for Tektronix to gain access to the instrument BIOS settings once the password is changed from the factory default
value. If you need to return the instrument to Tektronix for service, you must reset the BIOS password back to the factory
default value

5.

6.

7.

8.

9.

Please select a boot device

The

Use the down arrow key to select

In the Main tab (default), use the down arrow to select
described on the screen to select and enter correct information in the date fields.

In the Main tab (default), use the down arrow to select
described on the screen to select and enter correct Coordinated Universal Time (UTC) information in the date fields.
Use the Web to determine the current UTC time. (note; Do not enter your local time.)

Once the time is set, press theF4key to save this value and exit the setup screen. The instrument powers on to the
normal oscilloscope view.

Tektronix

MakesurethatyoukeeparecordoftheinstrumentBIOSpassword in your organization’s records. There is no

Tektr o n ix

. Once you have logged in using the factory default BIOS password, create and enter a new

before sending to the Tektronix Service Center.

screen appears.

Enter Setup

and press

Enter

System Date

System Time

Delete

.

key until the

. If the date is not current, use the keys as

. If the time is not current, use the keys as

BIOS Login

screen appears.

10.

Double-tap the

11.

Tap the Time Zone field and select the correct time zone for your instrument location.

8 MSO58LP with Option 5-SEC Declassification and Security Instructions

Date and Time

badge in the lower right of the screen.

Memory device clear and sanitize procedures

12.

Enable the

13.

Tap outside the menu to close the time zone setting.

Automatically adjust clock for Daylight Savings Time

functionifusedinyourtimezone.

MSO58LP with Option 5-SEC Declassification and Security Instructions 9

How to clear or sanitize a working instrument

How to clear or sanitize a working instrument

Run all the following procedures, in order, to clear or sanitize the instrument. You typically clear or sanitize an instrument
when you want to erase files to clear space or turn the instrument over to another person or department.

Clear the Network Configuration password

1.

Connect the instrument to a network to which you have access.

2.

Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.

3.

4.

Click the

Click

Security for Network Config

Submit

If a password was set for this function, you are requested to enter the password. If the password is accepted, the

password is set to blank (the default setting of the access password fields).

If a password was not set for this function, the screen displays the message that the password was successfully

changed (to a blank password).

:

Clear the network DNS Hostname and description

1.

Connect the instrument to a network to which you have access.

2.

Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.

3.

Click the

4.

Delete all text in both of the

5.

Click the Host Settings
the original factory default value.

6.

ClickOK. The message closes and the fields are restored to their original factory settings.

Network Configuration

Host Settings

Submit

link on the left side of the screen.

link on the left side of the screen.

fields.

button. A message appears stating that the field is empty, and will be configured to

10 MSO58LP with Option 5-SEC Declassification and Security Instructions

Clear Ethernet port settings

1.

Disconnect the Ethernet cable from the instrument.

2.

Connect a keyboard and monitor to the instrument.

How to clear or sanitize a working instrument

3.

Open the

4.

In the LAN panel, clear all information from the

5.

Click the

6.

Click

7.

Tap

8.

Tap outside the menu to close it.

NOTE.

instrument to your network, enter the instrument’s IP address into a web browser on a PC that is connected to a network
that has access to the instrument, click the
TCP/IP Mode box, clear all information from all fields, and click the Address Settings

Utility > I/O

LAN Reset

OK

.

Apply Changes

You can also clear the instrument IP Address settings from the instrument’s web-based interface. Connect the

menu.

button.

. It may take a few moments for the changes to take effect.

Delete USB port and software update password

If you have entered a password to enable/disable USB ports and software updates, do the following:

1.

Connect a keyboard and monitor to the instrument.

2.

Open the

Utility > Security > Change Password

Host Name,Domain Name

Network Configuration

menu.

Service Name

,and

link on the left side of the screen, select the Manual

Submit

button.

fields.

3.

Enter in the current password in the

4.

MSO58LP with Option 5-SEC Declassification and Security Instructions 11

Delete Password

Tap

.

Current Password

field.

How to clear or sanitize a working instrument

The Clear/Sanitize process is done

You can now remove the instrument from the secured environment.

12 MSO58LP with Option 5-SEC Declassification and Security Instructions

How to sanitize a nonfunctional instrument

Do the following to clear or sanitize your instrument if it is not functioning and must be returned to Tektronix for repair:

How to sanitize a nonfunctional instrument

CAUTION.

with proper electrostatic discharge controls in place (such as a grounded antistatic wrist strap).

1.

Disconnect the instrument power cord.

2.

Disconnect all probes and cables.

3.

Remove all external USB memory devices. Store or destroy the USB memory devices in accordance with your
organization’s guidelines.

4.

Turn the instrument over so that the bottom is facing up.

5.

Use a T-10 Torx screw driver to remove the three screws on the Sold State Drive cover.

To avoid damaging other circuits in the instrument, perform the following procedure in a static-safe environment

6.

Use a T-10 Torx screw driver to remove the screw from the end of the memory card.

MSO58LP with Option 5-SEC Declassification and Security Instructions 13

How to sanitize a nonfunctional instrument

The end of the memory card lifts upward as you remove the screw.

7.

Grasp the edges of the raised end of the card and pull to remove the memory card. Store or destroy the memory
card in accordance with your organization’s guidelines.

8.

Reattach the drive cover.

9.

Package the instrument for shipping. Contact Tektronix for guidelines on correct packaging to best protect your
instrument during shipping.

10.

Send the instrument to a Tektronix Service Center. The instrument will then be repaired, calibrated as necessary,
andreturnedtoyou.

14 MSO58LP with Option 5-SEC Declassification and Security Instructions

Repair charges

How to sanitize a nonfunctional instrument

In North America, contact the Tektronix Customer Care Center (1-800-833-9200) for assistance with returning the
instrument to a service center. Worldwide, visit www.tektronix.com to find contacts in your area.

Replacement of damaged and missing hardware is charged according to the rate at the time of replacement.

MSO58LP with Option 5-SEC Declassification and Security Instructions 15