Tektronix DSA8300 Series User manual

xx

DSA8300 Series DigitalSerialAnalyzers

ZZZ

Declassiﬁcation and Security

Instructions

www.tektronix.com

*P077057600*

077-0576-00

Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by national copyright laws and international treaty provisions.

Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Speciﬁcations and price change privileges reserved.

TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.

Contacting Tektronix

Tektronix, Inc. 14150 SW Karl Braun Drive P.O. B o x 5 0 0 Beaverton, OR 97077 USA

For product information, sales, service, and technical support:

In North America, call 1-800-833-9200. Worl dwi de, v isit www.tektronix.com to ﬁnd contacts in your area.

Preface

This document helps customers with data security concerns to sanitize or remove memory devices from the DSA8300 Series Digital Serial Analyzers.

These products have data storage (memory) devices and data output devices (USB ports). These instructions tell how to clear o r sanitize the memory devices and disable the data output devices. The instructions also tell how to declassify an instrument that is not functioning.

Reference

Products

Terms

The procedures in this document are written to meet the requirements speciﬁed in:

NISPOM, DoD 5220.22–M, Chapter 8

ISFO Process Manual for Certiﬁcation & Accreditation of Classiﬁed Systems under NISPOM

The following Tektronix product is covered by this document:

DSA8300

The following terms may be used in this document:

Clear.

deny access to previously stored information by standard means of access.

Erase.

Instrument Declassiﬁcation.

removed from a secure environment. Declassiﬁcation procedures include memory sanitization and memory removal, and sometimes both.

Media storage/data export device.

instrument, such as a USB port.

This removes data on media/memory before reusing it in a secured area. All reusable memory is cleared to

This is equivalent to clear.

A term that refers to procedures that must be undertaken before an instrument is

Any of several devices that can be used to store or export data from the

DSA8300 Series Declassiﬁcation and Security Instructions iii

Preface

Power off.

Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For the purpose of clearing data, putting the instrument in Standby mode does not qualify as powering off. For these products, you will need to either press a rear-panel OFF switch or remove the power source from the instrument.

Remove.

This is a physical means to clear the data by removing the memory device from the instrument. Instructions

are available in the product Service Manual.

Sanitize.

This eradicates the data from media/memory so that the data cannot be recovered by other means or technology. This is typically used when the device will be moved (temporarily or permanently) from a secured area to a non-secured area.

Scrub.

User Accessible.

User-modiﬁable.

This is equivalent to sanitize.

User is able to directly retrieve the memory device contents.

The user can write to the memory device during normal instrument operation, using the instrument

interface or remote control.

Volatile memory.

Nonvolatile memory.

Data is lost when the instrument is powered off.

Data is retained when the instrument is powered off.

iv DSA8300 Series Declassiﬁcation and Security Instructions

Clear and Sanitize Procedures

Memory Devices

The following tables list the volatile and nonvolatile memory devices in the standard instrument and listed options. Detailed procedures to clear or sanitize these devices, if any, are shown following each table.

Terminology

The following terms are used in the tables in this section:

User data – Describes the type of information stored in the device. Refers to waveforms or other measurement data representing signals connected to the instrument by users.

User settings – Describes the type of information stored in the device. Refers to instrument settings that can be changed by the user.

Both – Describes the type of information stored in the device. It means that both user data and user settings are stored in the device.

None – Describes the type of information stored in the device. It means that neither user data nor user settings are stored in the device.

Directly – Describes how data is modiﬁed. It means that the user can modify the data.

Indirectly – Describes how data is modiﬁed. It means that the instrument system resources modify the data and that the user cannot modify the data.

DSA8300 Series Declassiﬁcation and Security Instructions 1

Clear and Sanitize Procedures

Table1: Volatilememorydevices

Typ e and min. size Function

PPC board:

SDRAM 512 MB (std)

EFE board:

Cyclone FX2 onboard program/data RAM, 16 KB

MC9S08AC16 onboard RAM, 1 KB

DSP onboard RAM, 192K x24-bit(4 each)

OFE board: No volatile memory devices

Timebase board:

DSP onboard RAM, 192K x 24-bit

Windows motherboard:

SDRAM,4 GB

Display adapter:

COACh3 processor, volatile memory not speciﬁed

Embedded microprocessor system memory

Program RAM, instruction cache, X-data, Y-d at a

Windows system memory

Touchscreen USB controller

Type of user info stored

Acquisition system calibration, setup

Front end setup and operation

Channel setup and operation

User data, user settings

None None Indirectly Firmware

Backed-up by battery

No Indirectly Firmware

No Directly Written by

Method of modiﬁcation

Data Input method Location

operations

processor system

operations

Slot-PPC board J130

EFE board U1001

EFE board U6M, U6N

EFE board U01_1, U01_3, U01_5, U01_7

Timebase board U421

Slot-PC board

Display Adapter board U2

User accessible To clear Process to sanitize

No

Yes

No

Remove power from the instrument for at least 20 seconds.

2 DSA8300 Series Declassiﬁcation and Security Instructions

Table 1: Volatile memory devices (cont.)

Clear and Sanitize Procedures

Typ e and min. size Function

Front panel:

Cypress CY7C66013C-PVXC processor RAM, 256 Bytes

Front panel USB controller

Type of user info stored

None None Indirectly Firmware

Table 2: Nonvolatile memory devices

Type of Typ e and min. size Function

PPC board:

PROM serial conﬁg 17S20XL, 179160 bits

Boot Flash, 512 KB

EEPROM, 128 Bytes

Temperature sensors DS1621, 5bytes(2 each)

PIF FPGA serial conﬁg

PPC boot ﬂash

Embedded bridge serial conﬁg

Temperature sense thermostat setup

user info

stored

None None Purchased

None Indirect Purchased

Backed-up by battery

Method of modiﬁcation

Data Input method Location

operations

Data Input method Location

already programmed

Front Panel board U 25

PPC board U231

PPC board U440

PPC board U750

PPC board U300, U800

User accessible To clear Process to sanitize

No

Remove power from the instrument for at least 20 seconds.

User accessible To clear To sanitize

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

DSA8300 Series Declassiﬁcation and Security Instructions 3

Clear and Sanitize Procedures

Table 2: Nonvolatile memory devices (cont.)

Type of Typ e and min. size Function

M25PE80 ﬂash, 1 MB

Battery-backed NVRAM, 128 KB

EFE board:

Cyclone FX2 onboard program ﬂash, 16 KB

Temperature sensors DS1621, 5bytes(3 each)

MC9S08AC16 onboard ﬂash, 16 KB

M25PE80 ﬂash, 1 MB

DSP onboard ROM, 192 x24-bit(4 each)

OFE board:

Holds instrument calibration data, nomenclature, serial number, option keys, and error log

Embedded microprocessor system memory

Temperature sense thermostat setup

Front end processor None Indirect Purchased

Holds EFE calibration and compensation data

Bootstrap ROM

user info

stored

None Indirect Firmware

None Indirect Purchased

None Indirect Firmware

Method of modiﬁcation

Data Input method Location

operations

already programmed

operations

PPC board U510

PPC board U520

EFE board U1001 No Not applicable, does not contain

EFE board U05, U06, U42

EFE board U06M, U06N

EFE board U101 No Not applicable, does not contain

EFE board U01_1, U01_3, U01_5, U01_7

User accessible To clear To sanitize

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

4 DSA8300 Series Declassiﬁcation and Security Instructions

Table 2: Nonvolatile memory devices (cont.)

Type of Typ e and min. size Function

M25PE80 ﬂash, 1 MB

Timebase board:

M25PE80 ﬂash, 1 MB

Windows motherboard:

MX25L3205D serial ﬂash, 4MB

ICH9DO, 16K

Removable Hard Drive, 160 GB

Display adapter:

COACh3 processor, nonvolatile memory not speciﬁed

Holds OFE calibration and compensation data

Holds timebase and instrument calibration and compensation data

Motherboard BIOS

Motherboard South Bridge

Holds instrument operating system and application software. Holds all user-storable data such as waveforms, measurement results, and instrument settings.

Touchscreen USB controller

user info

stored

None Indirect Firmware

None Indirect

User data,

user settings

None None Yes

Method of modiﬁcation

Indirect Firmware

Data Input method Location

operations

BIOS setup

I/O setup

operations, user input

(Touchscreen driver / cal)

OFE board U05

Timebase board U331

Motherboard BIOS11 socket

Motherboard ICH9_DO

Rear panel, removable

Display Adapter board U2

Clear and Sanitize Procedures

User accessible To clear To sanitize

No Not applicable, does not contain

Yes Erase the hard drive with

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

commercial erasure software. Reinstall instrument-speciﬁc Microsoft Windows 7 Ultimate using the OS Restore process. Reinstall the instrument software using the supplied application recovery disk. See

Disk Drives

user data or settings. Clearing would disable instrument functionality.

Clearing Hard

.

Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

Remove the hard drive. Sanitize or store the removed hard drive in a secure area, or destroy the hard drive. When the hard drive is removed, no user data remains in the instrument. (See page 11,

To Sanitize the Removable Hard Drive

.)

Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

DSA8300 Series Declassiﬁcation and Security Instructions 5

Clear and Sanitize Procedures

Table 2: Nonvolatile memory devices (cont.)

Type of Typ e and min. size Function

Front panel:

Cypress CY7C66013C-PVXC processor PROM, 8 KB

Front panel USB controller

user info

stored

None None None Front Panel board

Method of modiﬁcation

Data Input method Location

U25

User accessible To clear To sanitize

No Not applicable, does not contain

user data or settings. Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

6 DSA8300 Series Declassiﬁcation and Security Instructions

Media and Data Export Devices

Table 3: Media and data export devices

Clear and Sanitize Procedures

Typ e a nd min. size Function

Read - write CD/DVD drives

USB host port (supports removable USB ﬂash drive)

LAN Ethernet connector

GPIB connector Transfer data

Serial port Transfer

Parallel port

Store and transport data

User storage of reference waveforms, screen images, and instrument setups

Transfer data

Transfer

Method of modiﬁcation Data Input method Location User accessible Process to disable

directly User writeable Front panel. Yes

directly User writeable

directly

N/A

USB host port on front of instrument, plus four host ports on rear of instrument

Files can be deleted or over-written on the oscilloscope or a PC, or USB ﬂash drive can be removed and destroyed.

Rear panel.

Rear panel Yes

Yes

Remove all CDs and DVD. Rewritable CDs and DVDs can be formatted, stored in a secure area, or destroyed. Non-rewritable CDs and DVDs can either be stored or destroyed.

The CD/DVD Drive can be disabled. (See

To Disable USB and Read/Write

page 9,

DVD/CD for Windows Using the Windows Device Manager

Remove all USB memory devices. USB devices can be formatted, stored in a secure area, or destroyed.

The USB ports can be disabled. (See page 9,

DVD/CD for Windows Using the Windows Device Manager

Disconnect from Network cable.

The Ethernet port can be disabled. (See page 10,

Connectivity Using the BIOS

The GPIB device can be disabled. (See page 11,

Windows Device Manager

Cannot be disabled.

.)

To Disable USB and Read/Write

.)

To Disable LAN Ethernet

To Disable GPIB Using the

.)

DSA8300 Series Declassiﬁcation and Security Instructions 7

Clear and Sanitize Procedures

General Media Sanitizing

Information

Disabling Media and Data

Export Devices

Turn power off for at least 20 seconds to clear all volatile memory. All user storable data (waveforms and instrument settings) are stored on the removable hard drive, on a writeable CD/DVD drive, or through an attached USB media device, such as a ﬂash drive. The hard drive is located on the rear panel. The writeable CD/DVD drive is located on the front panel. The USB ports are located on the rear panel (4 each), and front panel (1 each).

To sanitize the hard drive, remove the hard drive from the instrument and store or destroy. Additional hard drives can be purchased from Tektronix. Alternately, there are DOD-approved scrubbing software packages available for the hard drive. Tektronix has no recommendations regarding the available packages. After the hard drive has been sanitized (scrubbed), reinstall the operating system and instrument software (in that order) using the DSA8300 Operating System Restore and Product Software restore media that came with the instrument.

Reinstalling the operating system or the product application software will not affect calibration of the instrument. All mainframe-related calibration constants are stored in nonvolatile memory on the timebase, EFE, or OFE boards, rather than on the hard drive. This allows complete erasure/removal of any secure data without affecting oscilloscope calibration. It also allows the instrument to be calibrated in a non-secure site then used in a secure area without need for recalibration.

Read-write CD/DVD drives are standard on this product. Remove all CDs or DVDs. Rewritable CD/DVD discs can be formatted, stored, or destroyed. Nonrewritable CD discs can be stored or destroyed.

Five USB ports are standard on this product. Remove USB media devices and store or destroy them.

The following instructions describe how to disable USB, Read/Write DVD/CD capability, LAN Ethernet connectivity, and GPIB connectivity. Using the BIOS disables the devices for DOS and Windows programs, while the Windows Device Manager disables the devices for Windows programs. These procedures disable both USB and the CD-RW to prevent their use.

NOTE.

to the hard drive. To do so, you must enable one of these items.

8 DSA8300 Series Declassiﬁcation and Security Instructions

If you disable the USB, Read/Write DVD/CD and LAN in the following procedures, you cannot write new ﬁrmware

To Disable USB DOS from the BIOS.

1.

PressF2during initial instrument power on sequence to go to the BIOS conﬁguration menu.

Clear and Sanitize Procedures

2.

3.

4.

5.

6.

7.

8.

9.

To Disable USB and Read/Write DVD/CD for Windows Using the Windows Device Manager.

1.

2.

3.

4.

5.

Advanced > USB Conﬁguration

Go to

Set High-Speed USB and Legacy USB Support to

Esc

Press

Go to

Press

Enter a password. You will be asked to conﬁrm the password by entering it again. Record the password and store it in a safe place for future use.

Set User Access Level to

Press

Connect a PS2 mouse and a PS2 keyboard to the instrument before powering on (because USB will be disabled).

Logontotheinstrumentasanadministrator.

Right-click

Select the

Click

once to return to the main BIOS conﬁguration menu.

Security > Set Supervisor Password

Enter

.

No Access

F10

and select

My Computer

Hardware

Device Manager

OK

to exit and save BIOS changes.

on the desktop and select

tab.

.

Disabled

.

Properties

.

6.

Expand the Universal Serial Bus controllers entry by clicking the+next to it.

7.

Double-click the ﬁrst

8.

Select the

DSA8300 Series Declassiﬁcation and Security Instructions 9

Power

USB Root Hub

tab.

entry.

Clear and Sanitize Procedures

9.

If the Device Description is and 8).

CAUTION.

not function.

10.

If the Device Description is not

device (disable)

11.

Click

12.

Repeat steps 7 through 11 for each USB Root Hub shown in the Device Manager window.

13.

Expand

14.

Right-click

15.

Exit the Device Manager window.

16.

Restart the instrument to implement the changes.

NOTE.

that these changes cannot be easily reversed.

It is critical to leave the “Generic USB Hub (4 ports) ” device operating; otherwise, the front panel will

in the Device usage drop-down list.

OK

.

DVD/CD drives

TEAC DW-224E-C

You should password-protect the Windows Administrator account and set up Guest accounts for end users so

Generic USB Hub (4 ports)

in the Device Manager window by clicking the+next to it.

and select

Disable

, double-click the next

, click the

.

General

USB Root Hub

tab and select

entry (see steps 7

Do not use this

To Disable LAN Ethernet Connectivity Using the BIOS.

1.

PressF2duringinstrumentpowerontogototheBIOSconﬁguration menu.

2.

3.

10 DSA8300 Series Declassiﬁcation and Security Instructions

Advanced > Peripheral Conﬁguration

Go to

Set Onboard LAN to

Disabled

.

Clear and Sanitize Procedures

4.

NOTE.

5.

To Disable GPIB Using the Windows Device Manager.

1.

2.

3.

4.

5.

6.

7.

8.

Esc

Press

If you do not use a BIOS password, the LAN can be reactivated by any user.

Press data trafﬁc in or out.

Connect a PS2 mouse and a PS2 keyboard to the instrument before powering on (because USB will be disabled).

Logontotheinstrumentasanadministrator.

Right-click

Click

Expand the device category

Right-click on

Select

Exit the Device Manager window.

once to return to the main BIOS conﬁguration menu.

F10

and select

My Computer

Device Manager

Disable

OK

to save changes and exit. The LAN system will be disabled and will no longer allow

.

PCI-GPIB

from the list.

on the desktop and select

National Instruments NI-Device GPIB Interfaces

.

Properties

.

To Sanitize the Removable Hard Drive.

replace the hard drive in a manner that meets all security requirements for your location.

After the hard drive is sanitized or replaced, reinstall the operating system (OS) and instrument software (in that order) using the provided OS recovery media and instrument application software media.

Scrubbing the hard drive does not affect calibration of the instrument because the factory calibration constants are stored on the PPC, timebase, EFE, and OFE boards, entirely separate from any acquisition data or user ﬁles. You can completely erase or remove any secure data without affecting the calibration of the instrument. You can also calibrate the instrument in a nonsecure site, and then use the instrument in a secure area without recalibration.

DSA8300 Series Declassiﬁcation and Security Instructions 11

All user-storable data is stored on the rear-panel removable hard drive. Sanitize or

Clear and Sanitize Procedures

12 DSA8300 Series Declassiﬁcation and Security Instructions

Troubleshooting

How to Clear or Sanitize a Non-Functional Instrument

If your instrument is not functioning, perform the following actions and return the instrument for Tektronix for repair. Describe the initial problem with the product. Tektronix will install replacement parts and then repair and return the instrument.

Hard Disk Drives

Read/Write CD/DVD Drives

External Memory Devices

Charges

How to Recover from

Sanitizing or Installing a

New Instrument Hard Drive

Remove the hard disk by unscrewing the two retaining screws and pulling out the hard drive tray. Store the drive in a secure location. A new hard drive will be installed and the instrument will be repaired and adjusted as necessary.

Remove all CDs or DVDs from the Read/Write CD/DVD drive. If the instrument cannot power on, insert a small paper clip into the hole next to the CD/DVD drive drawer latch and push to release the drawer and remove the disc. Store or destroy the disc according to the security policies of your organization.

Remove any USB ﬂash drives or external hard drives from the instrument.

Refer to your company’s internal policies regarding handling or disposal of the external memory device.

Replacement of any missing hardware will be charged according to the rate at the time of replacement.

After the hard drive is sanitized or replaced with a new (empty) hard drive, the operating system and instrument software must be reinstalled (in that order) from the OS restore and application software install media. The restore software runs automatically if the CD/DVD drive is the ﬁrst bootable device. If the CD/DVD drive is not the ﬁrst bootable device, press the F2 key during instrument power-on to open the instrument BIOS window and enable the CD/DVD drive as the ﬁrst bootable device before performing a restore from the recovery media.

DSA8300 Series Declassiﬁcation and Security Instructions 13

Change Log

Document part number Revision date Change description

077-0576-00 20110727 First release.

14 DSA8300 Series Declassiﬁcation and Security Instructions

Tektronix DSA8300 Series User manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

Preface

Clear and Sanitize Procedures

Memory Devices

Media and Data Export Devices

Troubleshooting

How to Clear or Sanitize a Non-Functional Instrument

Change Log