Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published
material. Specifications and price change privileges reserved.
TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.
TekSecure is a trademark of Tektronix; Inc.
Contacting Tektronix
Tektronix, Inc.
14150 SW Karl Braun Drive
P.O. B o x 5 0 0
Beaverton, OR 97077
USA
For product information, sales, service, and technical support:
In North America, call 1-800-833-9200.
Worldwide, visit www.tek.com to find contacts in your area.
About option 5-SEC......................................................................................................................................... .iv
Media and data export devices ...............................................................................................................................6
Resetting the instrument CMOS .............................................................................................................................7
Resetting the instrument clock ... ................................ .................................. ..........................................................8
How to clear or sanitize a working instrument .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ............................10
Clear the Network Configuration password............................... ................................ .................................. ...............10
Clear the network DNS Hostname and description .......................................................................................................10
Clear Ethernet port settings........... ................................ .................................. .....................................................11
Delete USB port and software update password ..........................................................................................................11
The Clear/Sanitize process is done .........................................................................................................................12
MSO58LP with Option 5-SEC Declassification and Security Instructionsi
Table of Contents
iiMSO58LP with Option 5-SEC Declassification and Security Instructions
Preface
This document helps customers with data security concerns to clear or sanitize a 5 Series MSO Low Profile MSO58LP
instrument that has factory option 5-SEC installed.
The instrument has data storage devices (memory and a removable mass storage drive) and data export interfaces (USB and
Ethernet). These instructions describe how to clear or sanitize the memory devices and disable the data output interfaces.
The instructions also describe how to sanitize an instrument that is not functioning.
Reference
Supported products
The procedures in this document are written to meet the requirements specified in:
National Industrial Security Program Operating Manual (NISPOM), DoD 5220.22–M, Chapter 8
Defense Security Service Manual for the Certification and Accreditation of Classified Systems under the NISPOM
These instructions cover the following instrument:
MSO58LP with factory installed option 5-SEC
NOTE.
Option 5-SEC must be ordered at the same time that you order an instrument.
MSO58LP with Option 5-SEC Declassification and Security Instructionsiii
Preface
About option 5-SEC
NOTE.
Option 5-SEC provides the highest level of instrument security for 5 Series MSO products. Option 5-SEC features include:
Option 5-SEC must be ordered at the same time you order an instrument.
Oscilloscope hardware is configured to easily declassify the oscilloscope:
The main system memory is easily removed without disassembling the instrument
Data can only be saved to or read from a USB port on the instrument, a mounted network drive, or through the
programmatic interface
Password protection to enable/disable external USB Host and Device ports
Password protection to enable/disable firmware upgrades or downgrades
PasswordprotectiontopreventBIOSmodification and booting from USB flash devices.
ivMSO58LP with Option 5-SEC Declassification and Security Instructions
Terms
Preface
The following terms may be used in this document:
Clear.
deny access to previously stored information by standard means of access.
Erase.
Media.
drive or USB port.
Sanitize.
This is typically used when the device is moved (temporarily or permanently) from a secured area to a nonsecured area.
Scrub.
Remove.
are available in the product service manual.
User-Accessible.
User-Modifiable.
instrument user interface or remote control.
Volatile memory.
Nonvolatile memory.
Power off.
data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must either
push a rear-panel OFF switch or remove the power source from the instrument.
This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to
This is equivalent to clear.
Storage/data export device. A device that stores or exports data from the instrument, such as a USB flash
This removes the data from media/memory so that the data cannot be recovered using any known technology.
This is equivalent to sanitize.
This is a physical means to clear the data by removing the memory device from the instrument. Instructions
The user can directly retrieve the memory device contents.
The memory device can be written to by the user during normal instrument operation, using the
Memory that loses data when the instrument is powered off.
Memory that retains data when the instrument is powered off.
Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For clearing
Instrument Declassification.
removed from a secure environment. Declassification procedures include memory sanitization, memory removal,
and sometimes both.
MSO58LP with Option 5-SEC Declassification and Security Instructionsv
A term that refers to procedures that must be undertaken b efore an instrument can be
Preface
viMSO58LP with Option 5-SEC Declassification and Security Instructions
The tables in this section use the following terms:
User data
information representing signals connected to the instrument by users.
User settings
changed by the user.
Both.
stored in the device.
None.
stored in the device.
Directly.
Indirectly.
the user cannot modify the data.
. Describes the type of information stored in the device. Refers to waveforms or other measurement
. Describes the type of information stored in the device. Refers to instrument settings that can be
Describes the type of information stored in the device. It means that both user data and user settings are
Describes the type of information stored in the device. It means that neither user data or user settings are
Describes how data is modified. It means that the user can modify the data.
Describes how data is modified. It means that the instrument system resources modify the data and that
MSO58LP with Option 5-SEC Declassification and Security Instructions1
Memory device clear and sanitize procedures
Memory devices
The following tables list the volatile and nonvolatile memory devices in the instrument.
Table1: Volatilememorydevices
Typ e and
minimum sizeFunction
SDRAM ≥16 GB
(All models)
SDRAM ≥4GB
SDRAM
≥512 MB
CMOS RAM
≥256 Bytes
Host processor
memory
Holds active
acquisition data
Holds video graphics
data
Holds clock and BIOS
configuration data
Type of user
info stored
User data or
user setting
User dataNoIndirectlyApplication
User dataNoIndirectlyApplication
NoneYesIndirectly
Backed-up
by battery
NoIndirectlyWritten by
Method of
modification
Data input
methodLocation
processor
system
software
operations
software
operations
BIOS
operations
Module socket
(SODIMM)
on the carrier
interface
assembly
Module socket
(SODIMM)
on the carrier
interface
assembly
Acquisition
board
Carrier interface
assembly
User
accessibleTo clearTo sanitize
NoUnplug the instrument
NoUnplug the instrument
NoUnplug the instrument
Yes
for at least 30 seconds
for at least 30 seconds
for at least 30 seconds
Push the CMOS clear
button on the bottom
of the instrument
for a minimum of
30 seconds. (See
Resetting the
page 7,
instrument CMOS
.)
Unplug the instrument
for at least 30 seconds
Unplug the instrument
for at least 30 seconds
Unplug the instrument
for at least 30 seconds
Push the CMOS clear
buttononthebottom
of the instrument
for a minimum of
30 seconds. (See
Resetting the
page 7,
instrument CMOS
.)
2MSO58LP with Option 5-SEC Declassification and Security Instructions
Table 2: Nonvolatile memory devices
Memory device clear and sanitize procedures
Type and minimum sizeFunction
Linux Solid State Drive Card
≥80 GB
EEPROM
1
≥2Kbit
EEPROM
1
≥2Kbit
EEPROM
1
≥64 Kbit
EEPROM
1
≥1Kb
Four to six pieces depending
on model
Host instrument Linux
operating system,
application software
Stores factory data,
maintenance data, user
password
Holds AFG calibration
data, USB port access
password
Holds the front panel
USB configuration
Holds the SODIMM
memory configuration
data (SPD)
Type of user
info stored
NoneIndirectWritten by
Port access
password
Ethernet IP
settings
NoneIndirectFactory
NoneNoneFactory
NoneNoneFactory
Method of
modification
Directly
settable from
UI or by using
PI commands
Data input
methodLocation
processor
system,
software
operations
UI, Factory
operations and
programmatic
commands
operations
operations
operations
Socket
(m.2) on
the carrier
interface
assembly
Acquisition
board
AFG riser
board
Front panel
LED board
Module
socket
(SODIMM)
on the
carrier
interface
assembly
and module
socket
(SODIMM)
on
acquisition
board
User
accessibleTo clearTo sanitize
Yes
Yes
NoNot applicable, does
NoNot applicable, does
NoNot applicable, does
(See page 10,
to clear or sanitize a
working instrument
(See page 10,
to clear or sanitize a
working instrument
not contain user
data or settings.
Clearing would
disable instrument
functionality.
not contain user
data or settings.
Clearing would
disable instrument
functionality.
not contain user
data or settings.
Clearing would
disable instrument
functionality.
How
How
(See page 10,
clear or sanitize a working
instrument
.)
(See page 10,
clear or sanitize a working
instrument
.)
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
How to
.)
How to
.)
MSO58LP with Option 5-SEC Declassification and Security Instructions3
Memory device clear and sanitize procedures
Type and minimum sizeFunction
Flash Memory
1
≥16 Mbit
Two pieces
Flash Memory
≥128 Mbit
Flash Memory
Unspecified size, three pieces
Flash Memory
≥32 KB
1
1
Holds a part of the
Acquisition FPGA
configuration
Stores processor
BIOS firmware, BIOS
configuration, and
embedded controller
firmware. The Ethernet
MAC address is stored in
this device.
Stores power supply
configuration data
Stores power
management controller
firmware
Type of user
info stored
NoneIndirectApplication
NoneIndirect
NoneIndirectApplication
NoneIndirectApplication
Method of
modification
Data input
methodLocation
software
operations
BIOS
operations,
operating
system
operations
and factory
operations
software
operations
software
operations
Acquisition
board
Processor
module
board
Internal
to the
UCD9248
power
supply
controller
on the
acquisition
board and
carrier
interface
assembly
Internal
to the
MC9S08 micro
controller
on the
acquisition
board
User
accessibleTo clearTo sanitize
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
4MSO58LP with Option 5-SEC Declassification and Security Instructions
Memory device clear and sanitize procedures
Type of user
Type and minimum sizeFunction
Flash Memory
1
≥64 KB
Two to four pieces depending
on model
Flash Memory
≥0.33 Mbit
1
1
The size of memory devices may increase during the product life cycle.
Stores analog board
microcontroller firmware
Stores the processor
carrier FPGA
configuration
info stored
NoneIndirectApplication
NoneNoneFactory
Method of
modification
Data input
methodLocation
software
operations
operations
Internal
to the
MKL14 micro
controller on
the analog
board
Internal
to the
LCMXO2
FPGA on
the carrier
interface
assembly
User
accessibleTo clearTo sanitize
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
NoNot applicable, does
not contain user
data or settings.
Clearing would
disable instrument
functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
Not applicable, does not
contain user data or settings.
Sanitizing would disable
instrument functionality.
MSO58LP with Option 5-SEC Declassification and Security Instructions5
Memory device clear and sanitize procedures
Media and data export devices
The following table lists the data export devices in the instrument.
Table 3: Media and data export devices
TypeFunction
USB Host portsUser storage and recall of
reference waveforms, screen
images, and instrument
setups, and installation of
firmware updates using
removable USB flash drives
USB Device port
Ethernet
Remote control and data
transfer to a PC
Transfer data and remote
control of instrument.
Method of
modification
DirectlyUser writeable
DirectlyRemote control
DirectlyRemote control
Data input
methodLocationUser accessibleTo disable
using USBTMC
using LXI, VISA,
or Socket Server
Three USB Host
ports on front of
the instrument;
four USB Host
ports on the back
of the instrument
USB Device port
on back of the
instrument
Ethernet port on
back of instrument
Yes
Yes
YesThe Ethernet LAN port cannot be
Use the
to disable all USB ports (Host and
Device). Requires a password
(user-created when first disabled)
Use the
to disable all USB ports (Host and
Device). Requires a password
(user-created when first disabled)
disabled.
Utility > Security
Utility > Security
menu
menu
6MSO58LP with Option 5-SEC Declassification and Security Instructions
Resetting the instrument CMOS
Do the following steps to reset the instrument CMOS device:
1.
Disconnect the instrument power cord.
2.
Disconnect all probes and cables.
3.
Turn the instrument over so the bottom faces up.
4.
Using a small, nonsharp tool, push and hold the indented CMOS reset button for 30 seconds.
Memory device clear and sanitize procedures
5.
Turn the instrument over.
6.
Set the instrument clock. (See page 8, Resetting the instrument clock.)
MSO58LP with Option 5-SEC Declassification and Security Instructions7
Memory device clear and sanitize procedures
Resetting the instrument clock
Do the following steps to reset the instrument clock in case the instrument date and time are incorrect, or after a CMOS reset:
1.
Connect a keyboard and monitor to the instrument.
2.
Power on the instrument.
3.
While the instrument is powering on, continuously press theF2or
4.
Enter the password (yours or the default password). If you are logging in for the first time, the factory installed
password is
password in accordance with your organization’s policies.
WARNING.
way for Tektronix to gain access to the instrument BIOS settings once the password is changed from the factory default
value. If you need to return the instrument to Tektronix for service, you must reset the BIOS password back to the factory
default value
5.
6.
7.
8.
9.
Please select a boot device
The
Use the down arrow key to select
In the Main tab (default), use the down arrow to select
described on the screen to select and enter correct information in the date fields.
In the Main tab (default), use the down arrow to select
described on the screen to select and enter correct Coordinated Universal Time (UTC) information in the date fields.
Use the Web to determine the current UTC time. (note; Do not enter your local time.)
Once the time is set, press theF4key to save this value and exit the setup screen. The instrument powers on to the
normal oscilloscope view.
Tektronix
MakesurethatyoukeeparecordoftheinstrumentBIOSpassword in your organization’s records. There is no
Tektr o n ix
. Once you have logged in using the factory default BIOS password, create and enter a new
before sending to the Tektronix Service Center.
screen appears.
Enter Setup
and press
Enter
System Date
System Time
Delete
.
key until the
. If the date is not current, use the keys as
. If the time is not current, use the keys as
BIOS Login
screen appears.
10.
Double-tap the
11.
Tap the Time Zone field and select the correct time zone for your instrument location.
8MSO58LP with Option 5-SEC Declassification and Security Instructions
Date and Time
badge in the lower right of the screen.
Memory device clear and sanitize procedures
12.
Enable the
13.
Tap outside the menu to close the time zone setting.
Automatically adjust clock for Daylight Savings Time
functionifusedinyourtimezone.
MSO58LP with Option 5-SEC Declassification and Security Instructions9
How to clear or sanitize a working instrument
How to clear or sanitize a working instrument
Run all the following procedures, in order, to clear or sanitize the instrument. You typically clear or sanitize an instrument
when you want to erase files to clear space or turn the instrument over to another person or department.
Clear the Network Configuration password
1.
Connect the instrument to a network to which you have access.
2.
Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.
3.
4.
Click the
Click
Security for Network Config
Submit
If a password was set for this function, you are requested to enter the password. If the password is accepted, the
password is set to blank (the default setting of the access password fields).
If a password was not set for this function, the screen displays the message that the password was successfully
changed (to a blank password).
:
Clear the network DNS Hostname and description
1.
Connect the instrument to a network to which you have access.
2.
Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.
3.
Click the
4.
Delete all text in both of the
5.
Click the Host Settings
the original factory default value.
6.
ClickOK. The message closes and the fields are restored to their original factory settings.
Network Configuration
Host Settings
Submit
link on the left side of the screen.
link on the left side of the screen.
fields.
button. A message appears stating that the field is empty, and will be configured to
10MSO58LP with Option 5-SEC Declassification and Security Instructions
Clear Ethernet port settings
1.
Disconnect the Ethernet cable from the instrument.
2.
Connect a keyboard and monitor to the instrument.
How to clear or sanitize a working instrument
3.
Open the
4.
In the LAN panel, clear all information from the
5.
Click the
6.
Click
7.
Tap
8.
Tap outside the menu to close it.
NOTE.
instrument to your network, enter the instrument’s IP address into a web browser on a PC that is connected to a network
that has access to the instrument, click the
TCP/IP Mode box, clear all information from all fields, and click the Address Settings
Utility > I/O
LAN Reset
OK
.
Apply Changes
You can also clear the instrument IP Address settings from the instrument’s web-based interface. Connect the
menu.
button.
. It may take a few moments for the changes to take effect.
Delete USB port and software update password
If you have entered a password to enable/disable USB ports and software updates, do the following:
1.
Connect a keyboard and monitor to the instrument.
2.
Open the
Utility > Security > Change Password
Host Name,Domain Name
Network Configuration
menu.
Service Name
,and
link on the left side of the screen, select the Manual
Submit
button.
fields.
3.
Enter in the current password in the
4.
MSO58LP with Option 5-SEC Declassification and Security Instructions11
Delete Password
Tap
.
Current Password
field.
How to clear or sanitize a working instrument
The Clear/Sanitize process is done
You can now remove the instrument from the secured environment.
12MSO58LP with Option 5-SEC Declassification and Security Instructions
How to sanitize a nonfunctional instrument
Do the following to clear or sanitize your instrument if it is not functioning and must be returned to Tektronix for repair:
How to sanitize a nonfunctional instrument
CAUTION.
with proper electrostatic discharge controls in place (such as a grounded antistatic wrist strap).
1.
Disconnect the instrument power cord.
2.
Disconnect all probes and cables.
3.
Remove all external USB memory devices. Store or destroy the USB memory devices in accordance with your
organization’s guidelines.
4.
Turn the instrument over so that the bottom is facing up.
5.
Use a T-10 Torx screw driver to remove the three screws on the Sold State Drive cover.
To avoid damaging other circuits in the instrument, perform the following procedure in a static-safe environment
6.
Use a T-10 Torx screw driver to remove the screw from the end of the memory card.
MSO58LP with Option 5-SEC Declassification and Security Instructions13
How to sanitize a nonfunctional instrument
The end of the memory card lifts upward as you remove the screw.
7.
Grasp the edges of the raised end of the card and pull to remove the memory card. Store or destroy the memory
card in accordance with your organization’s guidelines.
8.
Reattach the drive cover.
9.
Package the instrument for shipping. Contact Tektronix for guidelines on correct packaging to best protect your
instrument during shipping.
10.
Send the instrument to a Tektronix Service Center. The instrument will then be repaired, calibrated as necessary,
andreturnedtoyou.
14MSO58LP with Option 5-SEC Declassification and Security Instructions
Repair charges
How to sanitize a nonfunctional instrument
In North America, contact the Tektronix Customer Care Center (1-800-833-9200) for assistance with returning the
instrument to a service center. Worldwide, visit www.tektronix.com to find contacts in your area.
Replacement of damaged and missing hardware is charged according to the rate at the time of replacement.
MSO58LP with Option 5-SEC Declassification and Security Instructions15
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.