Tektronix 5 Series MSO Low Profile (MSO58LP) with Option 5-SEC Declassification and Security Instructions

xx
5SeriesMSOLowProfile (MSO58LP) With Option 5-SEC Enhanced Security
ZZZ
Declassication and Security
Instructions
Revision A: 20181011
www.tektronix.com
077-1407-01
Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by national copyright laws and international treaty provisions.
Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Specications and price change privileges reserved.
TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.
TekSecure is a trademark of Tektronix; Inc.
Contacting Tektronix
Tektronix, Inc. 14150 SW Karl Braun Drive P.O. B o x 5 0 0 Beaverton, OR 97077 USA
For product information, sales, service, and technical support:
In North America, call 1-800-833-9200. Worldwide, visit www.tek.com to nd contacts in your area.
Table of Contents
Preface ............................. .................................. ................................ ............................................................... iii
Supported products ........................................................................................................................................... iii
About option 5-SEC......................................................................................................................................... . iv
Terms................................................................................................................................................ ............ v
Memory device clear and sanitize procedures................................................................................................................... 1
Nonvolatile, volatile memory device table terminology. . ..... . ..... . ... . . ..... . ..... . ... . . . .... . ..... . ..... . ..... ..... . ..... . ..... . ...................... 1
Memory devices ......................... .................................. ................................ .................................................... 2
Media and data export devices ............................................................................................................................... 6
Resetting the instrument CMOS ............................................................................................................................. 7
Resetting the instrument clock ... ................................ .................................. .......................................................... 8
How to clear or sanitize a working instrument .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ..... . ..... . ..... ..... . ..... . ..... . .... . ............................ 10
Clear the Network Conguration password............................... ................................ .................................. ...............10
Clear the network DNS Hostname and description ....................................................................................................... 10
Clear Ethernet port settings........... ................................ .................................. ..................................................... 11
Delete USB port and software update password .......................................................................................................... 11
The Clear/Sanitize process is done ......................................................................................................................... 12
How to sanitize a nonfunctional instrument . .... . ..... . ..... . ..... . ..... ..... . ..... . ..... . ..... . ... . . . .... . ..... . ..... . ..... . ..... . ............................ 13
Repair charges.............................................................................................................................................. ... 15
MSO58LP with Option 5-SEC Declassication and Security Instructions i
Table of Contents
ii MSO58LP with Option 5-SEC Declassication and Security Instructions
Preface
This document helps customers with data security concerns to clear or sanitize a 5 Series MSO Low Prole MSO58LP instrument that has factory option 5-SEC installed.
The instrument has data storage devices (memory and a removable mass storage drive) and data export interfaces (USB and Ethernet). These instructions describe how to clear or sanitize the memory devices and disable the data output interfaces. The instructions also describe how to sanitize an instrument that is not functioning.
Reference
Supported products
The procedures in this document are written to meet the requirements specied in:
National Industrial Security Program Operating Manual (NISPOM), DoD 5220.22–M, Chapter 8
Defense Security Service Manual for the Certication and Accreditation of Classied Systems under the NISPOM
These instructions cover the following instrument:
MSO58LP with factory installed option 5-SEC
NOTE.
Option 5-SEC must be ordered at the same time that you order an instrument.
MSO58LP with Option 5-SEC Declassication and Security Instructions iii
Preface
About option 5-SEC
NOTE.
Option 5-SEC provides the highest level of instrument security for 5 Series MSO products. Option 5-SEC features include:
Option 5-SEC must be ordered at the same time you order an instrument.
Oscilloscope hardware is configured to easily declassify the oscilloscope:
The main system memory is easily removed without disassembling the instrument
Data can only be saved to or read from a USB port on the instrument, a mounted network drive, or through the
programmatic interface
Password protection to enable/disable external USB Host and Device ports
Password protection to enable/disable rmware upgrades or downgrades
PasswordprotectiontopreventBIOSmodification and booting from USB flash devices.
iv MSO58LP with Option 5-SEC Declassication and Security Instructions
Terms
Preface
The following terms may be used in this document:
Clear.
deny access to previously stored information by standard means of access.
Erase.
Media.
drive or USB port.
Sanitize.
This is typically used when the device is moved (temporarily or permanently) from a secured area to a nonsecured area.
Scrub.
Remove.
are available in the product service manual.
User-Accessible.
User-Modiable.
instrument user interface or remote control.
Volatile memory.
Nonvolatile memory.
Power off.
data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must either push a rear-panel OFF switch or remove the power source from the instrument.
This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to
This is equivalent to clear.
Storage/data export device. A device that stores or exports data from the instrument, such as a USB ash
This removes the data from media/memory so that the data cannot be recovered using any known technology.
This is equivalent to sanitize.
This is a physical means to clear the data by removing the memory device from the instrument. Instructions
The user can directly retrieve the memory device contents.
The memory device can be written to by the user during normal instrument operation, using the
Memory that loses data when the instrument is powered off.
Memory that retains data when the instrument is powered off.
Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For clearing
Instrument Declassication.
removed from a secure environment. Declassication procedures include memory sanitization, memory removal, and sometimes both.
MSO58LP with Option 5-SEC Declassication and Security Instructions v
A term that refers to procedures that must be undertaken b efore an instrument can be
Preface
vi MSO58LP with Option 5-SEC Declassication and Security Instructions
Memory device clear and sanitize procedures
Nonvolatile, volatile memory device table terminology
The tables in this section use the following terms:
User data
information representing signals connected to the instrument by users.
User settings
changed by the user.
Both.
stored in the device.
None.
stored in the device.
Directly.
Indirectly.
the user cannot modify the data.
. Describes the type of information stored in the device. Refers to waveforms or other measurement
. Describes the type of information stored in the device. Refers to instrument settings that can be
Describes the type of information stored in the device. It means that both user data and user settings are
Describes the type of information stored in the device. It means that neither user data or user settings are
Describes how data is modied. It means that the user can modify the data.
Describes how data is modied. It means that the instrument system resources modify the data and that
MSO58LP with Option 5-SEC Declassication and Security Instructions 1
Memory device clear and sanitize procedures
Memory devices
The following tables list the volatile and nonvolatile memory devices in the instrument.
Table1: Volatilememorydevices
Typ e and minimum size Function
SDRAM 16 GB (All models)
SDRAM 4GB
SDRAM 512 MB
CMOS RAM 256 Bytes
Host processor memory
Holds active acquisition data
Holds video graphics data
Holds clock and BIOS conguration data
Type of user info stored
User data or user setting
User data No Indirectly Application
User data No Indirectly Application
None Yes Indirectly
Backed-up by battery
No Indirectly Written by
Method of modication
Data input method Location
processor system
software operations
software operations
BIOS operations
Module socket (SODIMM) on the carrier interface assembly
Module socket (SODIMM) on the carrier interface assembly
Acquisition board
Carrier interface assembly
User accessible To clear To sanitize
No Unplug the instrument
No Unplug the instrument
No Unplug the instrument
Yes
for at least 30 seconds
for at least 30 seconds
for at least 30 seconds
Push the CMOS clear button on the bottom of the instrument for a minimum of 30 seconds. (See
Resetting the
page 7,
instrument CMOS
.)
Unplug the instrument for at least 30 seconds
Unplug the instrument for at least 30 seconds
Unplug the instrument for at least 30 seconds
Push the CMOS clear buttononthebottom of the instrument for a minimum of 30 seconds. (See
Resetting the
page 7,
instrument CMOS
.)
2 MSO58LP with Option 5-SEC Declassication and Security Instructions
Table 2: Nonvolatile memory devices
Memory device clear and sanitize procedures
Type and minimum size Function
Linux Solid State Drive Card 80 GB
EEPROM
1
2Kbit
EEPROM
1
2Kbit
EEPROM
1
64 Kbit
EEPROM
1
1Kb Four to six pieces depending on model
Host instrument Linux operating system, application software
Stores factory data, maintenance data, user password
Holds AFG calibration data, USB port access password
Holds the front panel USB conguration
Holds the SODIMM memory conguration data (SPD)
Type of user info stored
None Indirect Written by
Port access password
Ethernet IP settings
None Indirect Factory
None None Factory
None None Factory
Method of modication
Directly settable from UI or by using PI commands
Data input method Location
processor system, software operations
UI, Factory operations and programmatic commands
operations
operations
operations
Socket (m.2) on the carrier interface assembly
Acquisition board
AFG riser board
Front panel LED board
Module socket (SODIMM) on the carrier interface assembly and module socket (SODIMM) on acquisition board
User accessible To clear To sanitize
Yes
Yes
No Not applicable, does
No Not applicable, does
No Not applicable, does
(See page 10,
to clear or sanitize a working instrument
(See page 10,
to clear or sanitize a working instrument
not contain user data or settings. Clearing would disable instrument functionality.
not contain user data or settings. Clearing would disable instrument functionality.
not contain user data or settings. Clearing would disable instrument functionality.
How
How
(See page 10,
clear or sanitize a working instrument
.)
(See page 10,
clear or sanitize a working instrument
.)
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
How to
.)
How to
.)
MSO58LP with Option 5-SEC Declassication and Security Instructions 3
Memory device clear and sanitize procedures
Type and minimum size Function
Flash Memory
1
16 Mbit Two pieces
Flash Memory 128 Mbit
Flash Memory Unspecied size, three pieces
Flash Memory 32 KB
1
1
Holds a part of the Acquisition FPGA conguration
Stores processor BIOS rmware, BIOS conguration, and embedded controller rmware. The Ethernet MAC address is stored in this device.
Stores power supply conguration data
Stores power management controller rmware
Type of user info stored
None Indirect Application
None Indirect
None Indirect Application
None Indirect Application
Method of modication
Data input method Location
software operations
BIOS operations, operating system operations and factory operations
software operations
software operations
Acquisition board
Processor module board
Internal to the UCD9248 power supply controller on the acquisition board and carrier interface assembly
Internal to the MC9S08 micro controller on the acquisition board
User accessible To clear To sanitize
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
4 MSO58LP with Option 5-SEC Declassication and Security Instructions
Memory device clear and sanitize procedures
Type of user
Type and minimum size Function
Flash Memory
1
64 KB Two to four pieces depending on model
Flash Memory 0.33 Mbit
1
1
The size of memory devices may increase during the product life cycle.
Stores analog board microcontroller rmware
Stores the processor carrier FPGA conguration
info stored
None Indirect Application
None None Factory
Method of modication
Data input method Location
software operations
operations
Internal to the MKL14 micro controller on the analog board
Internal to the LCMXO2 FPGA on the carrier interface assembly
User accessible To clear To sanitize
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
No Not applicable, does
not contain user data or settings. Clearing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
MSO58LP with Option 5-SEC Declassication and Security Instructions 5
Memory device clear and sanitize procedures
Media and data export devices
The following table lists the data export devices in the instrument.
Table 3: Media and data export devices
Type Function
USB Host ports User storage and recall of
reference waveforms, screen images, and instrument setups, and installation of rmware updates using removable USB ash drives
USB Device port
Ethernet
Remote control and data transfer to a PC
Transfer data and remote control of instrument.
Method of modication
Directly User writeable
Directly Remote control
Directly Remote control
Data input method Location User accessible To disable
using USBTMC
using LXI, VISA, or Socket Server
Three USB Host ports on front of the instrument; four USB Host ports on the back of the instrument
USB Device port on back of the instrument
Ethernet port on back of instrument
Yes
Yes
Yes The Ethernet LAN port cannot be
Use the to disable all USB ports (Host and Device). Requires a password (user-created when rst disabled)
Use the to disable all USB ports (Host and Device). Requires a password (user-created when rst disabled)
disabled.
Utility > Security
Utility > Security
menu
menu
6 MSO58LP with Option 5-SEC Declassication and Security Instructions
Resetting the instrument CMOS
Do the following steps to reset the instrument CMOS device:
1.
Disconnect the instrument power cord.
2.
Disconnect all probes and cables.
3.
Turn the instrument over so the bottom faces up.
4.
Using a small, nonsharp tool, push and hold the indented CMOS reset button for 30 seconds.
Memory device clear and sanitize procedures
5.
Turn the instrument over.
6.
Set the instrument clock. (See page 8, Resetting the instrument clock.)
MSO58LP with Option 5-SEC Declassication and Security Instructions 7
Memory device clear and sanitize procedures
Resetting the instrument clock
Do the following steps to reset the instrument clock in case the instrument date and time are incorrect, or after a CMOS reset:
1.
Connect a keyboard and monitor to the instrument.
2.
Power on the instrument.
3.
While the instrument is powering on, continuously press theF2or
4.
Enter the password (yours or the default password). If you are logging in for the rst time, the factory installed password is password in accordance with your organization’s policies.
WARNING.
way for Tektronix to gain access to the instrument BIOS settings once the password is changed from the factory default value. If you need to return the instrument to Tektronix for service, you must reset the BIOS password back to the factory default value
5.
6.
7.
8.
9.
Please select a boot device
The
Use the down arrow key to select
In the Main tab (default), use the down arrow to select described on the screen to select and enter correct information in the date elds.
In the Main tab (default), use the down arrow to select described on the screen to select and enter correct Coordinated Universal Time (UTC) information in the date elds. Use the Web to determine the current UTC time. (note; Do not enter your local time.)
Once the time is set, press theF4key to save this value and exit the setup screen. The instrument powers on to the normal oscilloscope view.
Tektronix
MakesurethatyoukeeparecordoftheinstrumentBIOSpassword in your organization’s records. There is no
Tektr o n ix
. Once you have logged in using the factory default BIOS password, create and enter a new
before sending to the Tektronix Service Center.
screen appears.
Enter Setup
and press
Enter
System Date
System Time
Delete
.
key until the
. If the date is not current, use the keys as
. If the time is not current, use the keys as
BIOS Login
screen appears.
10.
Double-tap the
11.
Tap the Time Zone eld and select the correct time zone for your instrument location.
8 MSO58LP with Option 5-SEC Declassication and Security Instructions
Date and Time
badge in the lower right of the screen.
Memory device clear and sanitize procedures
12.
Enable the
13.
Tap outside the menu to close the time zone setting.
Automatically adjust clock for Daylight Savings Time
functionifusedinyourtimezone.
MSO58LP with Option 5-SEC Declassication and Security Instructions 9
How to clear or sanitize a working instrument
How to clear or sanitize a working instrument
Run all the following procedures, in order, to clear or sanitize the instrument. You typically clear or sanitize an instrument when you want to erase les to clear space or turn the instrument over to another person or department.
Clear the Network Conguration password
1.
Connect the instrument to a network to which you have access.
2.
Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.
3.
4.
Click the
Click
Security for Network Config
Submit
If a password was set for this function, you are requested to enter the password. If the password is accepted, the
password is set to blank (the default setting of the access password elds).
If a password was not set for this function, the screen displays the message that the password was successfully
changed (to a blank password).
:
Clear the network DNS Hostname and description
1.
Connect the instrument to a network to which you have access.
2.
Enter the instrument’s IP address into a web browser on a PC that has network access to the instrument.
3.
Click the
4.
Delete all text in both of the
5.
Click the Host Settings the original factory default value.
6.
ClickOK. The message closes and the elds are restored to their original factory settings.
Network Conguration
Host Settings
Submit
link on the left side of the screen.
link on the left side of the screen.
elds.
button. A message appears stating that the eld is empty, and will be congured to
10 MSO58LP with Option 5-SEC Declassication and Security Instructions
Clear Ethernet port settings
1.
Disconnect the Ethernet cable from the instrument.
2.
Connect a keyboard and monitor to the instrument.
How to clear or sanitize a working instrument
3.
Open the
4.
In the LAN panel, clear all information from the
5.
Click the
6.
Click
7.
Tap
8.
Tap outside the menu to close it.
NOTE.
instrument to your network, enter the instrument’s IP address into a web browser on a PC that is connected to a network that has access to the instrument, click the TCP/IP Mode box, clear all information from all elds, and click the Address Settings
Utility > I/O
LAN Reset
OK
.
Apply Changes
You can also clear the instrument IP Address settings from the instrument’s web-based interface. Connect the
menu.
button.
. It may take a few moments for the changes to take effect.
Delete USB port and software update password
If you have entered a password to enable/disable USB ports and software updates, do the following:
1.
Connect a keyboard and monitor to the instrument.
2.
Open the
Utility > Security > Change Password
Host Name,Domain Name
Network Conguration
menu.
Service Name
,and
link on the left side of the screen, select the Manual
Submit
button.
elds.
3.
Enter in the current password in the
4.
MSO58LP with Option 5-SEC Declassication and Security Instructions 11
Delete Password
Tap
.
Current Password
eld.
How to clear or sanitize a working instrument
The Clear/Sanitize process is done
You can now remove the instrument from the secured environment.
12 MSO58LP with Option 5-SEC Declassication and Security Instructions
How to sanitize a nonfunctional instrument
Do the following to clear or sanitize your instrument if it is not functioning and must be returned to Tektronix for repair:
How to sanitize a nonfunctional instrument
CAUTION.
with proper electrostatic discharge controls in place (such as a grounded antistatic wrist strap).
1.
Disconnect the instrument power cord.
2.
Disconnect all probes and cables.
3.
Remove all external USB memory devices. Store or destroy the USB memory devices in accordance with your organization’s guidelines.
4.
Turn the instrument over so that the bottom is facing up.
5.
Use a T-10 Torx screw driver to remove the three screws on the Sold State Drive cover.
To avoid damaging other circuits in the instrument, perform the following procedure in a static-safe environment
6.
Use a T-10 Torx screw driver to remove the screw from the end of the memory card.
MSO58LP with Option 5-SEC Declassication and Security Instructions 13
How to sanitize a nonfunctional instrument
The end of the memory card lifts upward as you remove the screw.
7.
Grasp the edges of the raised end of the card and pull to remove the memory card. Store or destroy the memory card in accordance with your organization’s guidelines.
8.
Reattach the drive cover.
9.
Package the instrument for shipping. Contact Tektronix for guidelines on correct packaging to best protect your instrument during shipping.
10.
Send the instrument to a Tektronix Service Center. The instrument will then be repaired, calibrated as necessary, andreturnedtoyou.
14 MSO58LP with Option 5-SEC Declassication and Security Instructions
Repair charges
How to sanitize a nonfunctional instrument
In North America, contact the Tektronix Customer Care Center (1-800-833-9200) for assistance with returning the instrument to a service center. Worldwide, visit www.tektronix.com to nd contacts in your area.
Replacement of damaged and missing hardware is charged according to the rate at the time of replacement.
MSO58LP with Option 5-SEC Declassication and Security Instructions 15
Loading...