Tektronix MDO4104C, MDO4054C, MDO4024C, MDO4034C Declassification And Security Instructions

xx

MDO4000C Series Oscilloscope

ZZZ

Declassification and Security

Instructions

www.tektronix.com

P077118000*

*

077-1180-00

Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries
or suppliers, and are protected by national copyright laws and international treaty provisions.

Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication
supersedes that in all previously published material. Specifica tions and price change privileges reserved.

TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.

Contacting Tektronix

Tektronix, Inc.
14150 SW Karl Braun Drive
P.O . Bo x 50 0
Beaverto
USA

For product information, sales, service, and technical support:

n, OR 97077

In North America, call 1-800-833-9200.
Worldwide, visit www.tektronix.com to find contacts in your area.

Table of Contents

Preface .............................................................................................................. iii

Clear and Sanitize Procedures . ... ... ... . ... ... . ... ... . ... ... ... . ... ... . ... ... . ... ... ... . ... ... . ... ... . ... ... ... . .. 1

Memory Devices............................................................................................... 2

Data Export

Sanitizing an Application Module .. ... . ... ... . . .. . ... . . .. . ... . . .. . ... . . .. . ... . . .. . ... . . .. . ... . . .. . ... ... . ... 7

Built-In Security Features .............. .................................. .................................. ....... 9

Disable the LAN Port and Clear LAN Ethernet Settings.. ... . ... ... . ... ... . ... ... . ... ... . ... ... . .. . ... . . 11

Disable the USB Device Port................................................................................ 12

Use the MDO4SEC option to disable all I/O ports............................ ............................ 12

Clear an

d Sanitize a Nonfunctional Instrument . ... ... . ... ... ... . ... ... . ... ... ... . ... ... . .. . ... ... . .. . ... ... . .. 13

Devices........................................................................................... 6

Declassification and Security Instructions i

Table of Contents

ii Declassification and Security Instructions

Preface

If you have data security concerns, this document helps you to sanitize or
remove memory devices from the Tektronix MDO4000C Series Mixed Domain
Oscilloscop

The MDO4000C Series products have data storage (memory) devices and data
output devi
the memory devices, and also tell you how to declassify an instrument that is not
functioning.

Instrument code and calibration settings reside in nonvolatile flash memory.
Instrument setups and reference waveforms may also be stored in flashmemoryor
on USB drives connected to the instrument.

If you have any questions, contact the Tektronix Technical Support Center at
www.tektronix.com/support.

es and Modules.

ces (USB ports). These instructions tell you how to clear or sanitize

Reference

The procedures in this document are written to meet the requirements specified in:

NISPO

ISFO Process Manual for Certification & Accreditation of Classified Systems
under

M, DoD 5220.22–M, Chapter 8

NISPOM

Declassification and Security Instructions iii

Preface

Products

The following T

Oscilloscopes:

MDO4104C

MDO4054C

MDO4034C

MDO4024C

Applicati

on Modules:

DPO4AERO

DPO4AUDIO

DPO4AUTO

DPO4AUTOMAX

DPO4BND

DPO4CO

MP

DPO4EMBD

DPO4ENET

ektronix products are covered by this document:

DPO4LMT

DPO4PWR

DPO4USB

4VID

DPO

MDO4TRIG

MDO4AFG

MDO4MSO

iv Declassification and Security Instructions

Preface

Related documents

Terms

Other manu als f

or your instrument are available on the Tektronix Web site at

www.tektronix.com/download.

The following terms may be used in this document:

Clear. This removes data on media/memory before reusing it in a secured
area. All reusable memory is cleared to deny access to previously stored
informatio

n by standard means of acces s.

Demo setups. These setups come loaded in the instrument, and cannot be
modified by

the customer.

Erase. This is equivalent to clear.

Instrument Declassification. A term that refers to procedures that must be

undertaken before an instrument can be removed from a secure environment.
Declass

ification procedures include memory sanitization and memory

removal, and sometimes both.

Media s

torage/data export device. Any of several devices that can be used

to store or export data from the instrument, such as a USB port.

Nonvo

latile memory. Data is retained when the instrument is powered off.

Power off. Some instruments have a “Standby” mode, in which power is

l supplied to the instrument. For the purpose of clearing data, putting the

stil
instrument in Standby mode does not qualify as powering off. For these
products, you will need to remove the power source from the instrument.

Protected user data area. Contains data that is protected by a password.

ove. This is a physical means to clear the data by removing the memory

Rem

device from the instrument. Instructions are available in the product Service
Manual.

Sanitize. This eradicates the data from media/memory so that the data cannot
be recovered by other means or technology. This is typically used when the
device will be moved (temporarily or permanently) from a secured area to a
nonsecured area.

Scrub. The user is able to directly retrieve the memory device contents.

User-modifiable. The user can write to the memory device during normal

instrument operation, using the instrument interface or remote control.

Volatile memory. Data is lost when the instrument is powered off.

Declassification and Security Instructions v

Preface

vi Declassification and Security Instructions

Clear and Sanitize Procedures

The following terms are used in the tables in this section:

Type of U ser Info Stored

Method of Modification

User Ac

cessible

This column describes the type of user information that is stored in the device:

User data. Waveforms and other measurement data that represent signals
that users connect to the instrument.

User settings. Instrument settings that the user can change.

Both. Both user data and user settings are stored in the device.

None. Neither user data nor user settings are stored in the device.

This col

This column indicates whether you can retrieve the device contents:

umn indicates the method of modifying data :

Direct. The user can modify the data.

Indirect. The instrument system resources modify the data. The user cannot

modify the data.

Yes . You can directly retrieve the memory device contents.

No. You cannot retrieve the memory device contents.

To Clear

To Sanitize

This column tells how to clear data from the media or memory device before

sing it in a secured area. All reusable memory is cleared to deny access to

reu
previously stored information by standard means of access.

This column tells how to eradicate the data from the media or memory device so

at the data cannot be recovered by other means or technology. This is typically

th
used when the device will be moved (temporarily or permanently) from a secured
area to a nonsecured area.

Declassification and Security Instructions 1

Clear and Sanitize Procedures

Memory Devices

Table 1: Volatile memory devices

The following tables list the volatile and nonvolatile memory devices in the
standard instrument and listed options. Detailed procedures to clear or sanitize
these devices, if any, are shown following each table.

Type and minimum
size Function

CMOS, SDRAM,
128 Mbit x 16, 8 devices,
2Gbea,16G
DDR2, 1.8 V, 400 MHz
(Effective 800 MHz);
MT47H128
BGA

1

CMOS, SDRAM,
64 Mbit x 16, 8 devices
1 Gb ea, 8
DDR2, 1.8 V, 400 MHz
(Effective 800 MHz);
MT47H6
BGA

2

CMOS, SDRAM,
64M x 16, 1024 Mb
DDR2,
(Effective 800 MHz);
MT47H64M16HR-25E

3

CMOS
64M x 16, 1024 Mb
DDR2, 1.8 V, 400 MHz

fective 800 MHz);

(Ef
MT47H64M16HR-25E

4

CMOS, DRAM;
4M X 32,128 Mb,

RAM, 3.3 V;

SD
MT48LC4M32B2B\5-7,
90-BALL FBGA

11 MM X 13 MM),

(
DS4

b total,

M16RT-25E,

Gb total,

4M16HR-25E

1.8 V, 400 MHz

, SDRAM,

Contains
waveform
main
data
during
operatio

Contains
waveform
main
data
during

ion

operat

Contains
instrument
code
and
data

ng

duri
operation

ains

Cont
display
images

ing

dur
operation

Contains
code for

gital

di
waveform
processor

Typ e
of user
info
stored

Both No Indirect Front panel

n

Both No Indirect Front pan

Both No Indire

Both No Indirect Front panel control

ne

No

Backed
up by
battery

No In

Method
of
modifi-
cation

ct

direct

Data input
method Location

and oscilloscope
input channels

and oscilloscope
input channels

Front p
and oscilloscope
input channels.
Data i
USB port and
Ethernet port.

and o
input channels.

System

control

el control

anel control

nputs through

scilloscope

Main
Acquisition
board

Main
Acquisition
board

Main
acquisition
board

Main

isition

acqu
board

in

Ma
acquisition
board

User
accessible

No Remove

No Remove

No Remove

No Remove

No Re

To clear or
sanitize

power
from the
instrumen
for at least
20 seconds

power
from the
instrum
for at least
20 seconds

power
from the

ument

instr
for at least
20 seconds

r

powe
from the
instrument

at least

for
20 seconds

move
power
from the

strument

in
for at least
20 seconds

t

ent

2Declassification and Security Instructions

Table 1: Volatile memory devices (cont.)

Clear and Sanitize Procedures

Typ e

of u ser
Type and minimum
size Function

CMOS, DRAM;
16M x 16, 256
SDRAM, 3.3 V;
MT48LC16M16A2TG-8E,
TSOP54

5

ADG395 SRAM

1

DEMUX memory on RF ADC. Only used on products with option SA3 or SA6.

2

Product

3

Main processor memo ry. 4 devices, 1Gb ea.

4

SDIA video memory

5

MSO memory. Common to all versions.

Mb,

with option SA3 or SA6. - 8 devices on analog channel DEMUX. 1GHz non RF - 16 devices. <1GHz non RF - 8 devices.

Contains
digital
waveform
acquisition
memory

256 kB
(standard)

info

stored

Both No Indirect Front panel control

Arbitrary

waveform

storage,

not

backed

up by

battery

Backed
up by
battery

User
data

Method
of
modifi-
cation

Indirect Firmware

Data input
method Location

and digital input
channels

ns

operatio

Main
acquisition
board

IO board

User
accessible

No Remove

No Remove

To clear or
sanitize

power
from the
instrument
for at least
20 seconds

power
from the
instrument
for at lea
20 seconds

st

Declassification and Security Instructions 3

Clear and Sanitize Procedures

Table 2: Nonvol

atilememorydevices

Typ e

of user
Type and
minimum size Function

IC, Memory;
CMOS, EEPROM;
128 bits x 8,
1024 bits, Serial;
24C01, SO8.15

1

CMOS, FLASH; C,
512 Mb, 150 NS,
3 V, StrataFlash;
PC48F4400P0TB00A,
BGA64

2

1

Boot load EEPROM. Common to all versions.

2

Flash memory for program. Common to all models.

Contains
PowerPC
hardware
configuration

Contains the
instrument
firmware,
calibration
constants,
reference
waveforms,
instrument
setups, and
protected
user data
(PUD)

info

stored

None Indirect

Both Indirect Front panel control

Method of
modification

Data input
method Location

System

and oscilloscope
input channels.
Data inputs
through USB port
and Ethernet port.

Main
acquisition
board

Main
acquisition
board

User
accessible

No Not applicable - no

User can
access
only the
reference
part; not the
program

To sanitize or
clear

user data or settings

Not applicable for
calibration constants.

Use TekSecure to
clear reference
waveforms and
instrument setups.

(See page 9.)

You can disable the
LAN Ethernet and
clear information,
such as IP
addresses. (See
page 11.)

You can disable the
USB Device port.
(See page 12.)

You can overwrite
protected user
data (PUD). (See
page 10.)

4Declassification and Security Instructions

Clear and Sanitize Procedures

Table 3: Nonvol

atile memory devices – Application Modules

Typ e and

Module

DPO4AERO,
DPO4AUDIO,
DPO4AUTO,
DPO4AUTOMAX,
DPO4BND,
DPO4COMP,
DPO4EMBD,
DPO4ENET,
DPO4LMT,
DPO4PWR,
DPO4USB,
DPO4VID,
MDO4TRIG,
MDO4AFG,
MDO4MSO

EEPROM EEPROM 1 K

Serial
Real-Time
Clock

minimum size Function

IC, MEMORY;
CMOS,
EEPROM;
256 bits X 8,
2048 bits;
SERIAL; 24C02,
SO8.15

Serial real-time
clock

Type
of
user
info
stored

Option key

Holds signal

bit

generato
calibration
data

me

Real-ti
clock with
battery
backup

None Indirect

None Indirect Not applicable

r

Time
and
date

Method
of
modification

t

Indirec

Data input
method Location

System

IO board

icable

Not appl

Main boa

User
accessible

No To sanitize

Not
applicab

rd

Not
applicable

le

To cle ar or
sanitize

Refer to the
procedure,

Sanitizing an
Application
Module. (See

page 7.)

Not applicable,
no user da

Not appl
no user data

ta

icable,

Declassification and Security Instructions 5

Clear and Sanitize Procedures

Data Export Devices

Table 4: Data export devices

Type Function

USB host ports Supports the

removable USB
flash drive;
user storage
of reference
waveforms,
screen images,
and instrument
setups

Ethernet User storage

of reference
waveforms,
screen images,
and instrument
setups.

USB device port Supports remote

control and data
transfer to a PC

The following table lists the data export devices.

Method
of
modification

Direct

Direct

Direct Remote

Data input
method Location

System
resources

System
resources

control via
USBTMC

USB host
ports on the
front and
rear of the
instrument

LAN port
on rear of
instrument

USB device
port on
rear of
instrument

User
accessible To disable

Yes Files can be deleted or overwritten

Yes

No

on the instrument or a PC; the USB
flash drive can be removed and
destroyed.

The USB host ports cannot be
disabled.

Disconnect from network cable. The
Ethernet port can be disabled. (See
page 11.)

The USB Device port can be
disabled. (See page 12.)

6Declassification and Security Instructions

Clear and Sanitize Procedures

Sanitizing an

Application Module

To sanitize an application module, follow this procedure to return the module to
the default state.

NOTE. This p

to an oscilloscope. If the module license is not installed in an oscilloscope, the
module is already in the default state.

1. With the application module installed in an oscilloscope that contains the
module’s license, push the front-panel oscilloscope Utility button.

2. Use the Multipurpose a knob to select Config .

3. Select A

4. Under the Transfer Licenses menu, select to transfer the license to the desired

ation module. For example, to sanitize the DPO4AERO module, select:

applic
Transfer DPO4AERO License to Module.

NOTE. If the module cannot be selected in the menu, this indicates that the module

license is not contained in that oscilloscope. Install the module in an oscilloscope
that does contain the module license and then perform step 4.

rocedure is for an application module that has its license transferred

pplication Module Licenses.

5. The module is returned to the default state.

Declassification and Security Instructions 7

Clear and Sanitize Procedures

8Declassification and Security Instructions

Built-In Security Features

You can use the TekSecure function to erase setup and reference waveform data
stored in internal flash memory.

The MDO4000C Series models have four USB host ports (two o n the front and
two on the rear panel) and one USB device port on the rear panel. Any USB
devices can

be removed and stored or destroyed.

What TekSecure Does

To Use TekSecure

NOTE. TekSecure does not erase or change factory calibration constants, Ethernet

settings, Demo setups, o r protected user data. To overwrite protected user data,
use the pr

The TekSecure function does the following:

1. Push the front-panel Utility button.

ovided procedure. (See page 10, To Overwrite Protected User Data.)

Erases the flash sector containing the reference waveforms and saved setups
(except Demo setups ), setting all bytes to the value 0xff.

Replaces all waveforms in all reference waveform memories with the null
sample value of 0x8000.

Replaces the current front-panel setup and all stored setups (except Demo
setups) with the default setup values

Calculates the checksums of all reference waveform memory a nd setup
memory locations to verify successful completion of waveform and setup
erasure.

Displays a dialog box indicating whether the secure erase was successful
or unsucce

ssful.

2. Push the Utility Page lower-bezel button and use the Multipurpose a knob

3. Push the TekSecure Erase Memory lower-bezel button.

4. Push the OK Erase Setup and Ref Memory side-bezel button. Wait for the

5. Push the Menu Off front-panel button to close the dialog box.

To Reset the In strumen t

RAM

Declassification and Security Instructions 9

1. Power

2. Power on the instrument.

to select Config.

“TekSecure operation c omplete” dialog box to display.

off the instrument.

Built-In Security Features

To Overwrite Protected

User Data

This procedure

overwrites everything that is stored in the protected user data area.

Send the following commands to the oscilloscope:

:PASSWORD “XYZZY” (or current password if changed from the default of

“XYZZY”)

:NEWPASS “ANYTHING”

:PASSWORD “ANYTHING”

*PUD #3300xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxx xxx x[r epe at
for a total of 300 x’s]

NOTE. If you do not have access to a program that supports sending programmatic

commands to the instrument, copy the preceding commands to a text file that ends
in “.set

” and recall the fi le from the Recall Setup menu.

For more information on using programming commands, refer to the Programmer
Manual

for this instrument, available at www.tektronix.com/downloads.

10 Declassification and Security Instructions

Built-In Security Features

Disable the LA

N Port and Clear LAN Ethernet Settings

To disable the LAN port and clear LAN Ethernet settings, such as IP addresses,
follow these steps:

CAUTION. Wr

to restore network connectivity later.

1. Remove the

2. Push the front-panel Utility button.

3. Push the Utility Page lower-bezel button and use the Multipurpose a knob
to select I/O.

4. Clearthepasswordsasfollows:

a. Push the Ethernet & LXI lower-bezel button.

b. Go to page 2 of the menu.

c. Push the e*Scope Password right-bezel button.

d. Use the Multipurpose a knobtoselectDisabled.

ite down all setting values before clearing them, to enable you

network cable from the LAN port on the rear of the instrument.

e. Push the Change e*Scope & LXI Password right-bezel button.

f. Push the Clear lower-bezel button.

g. Push the OK Accept right-bezel button.

5. CleartheIPaddressesasfollows:

a. Push the Network Configuration lower-bezel button.

b. Push the Set IP Addresses Manually size-bezel button.

c. Select the Instrument IP Address by pushing the ↑ or ↓ arrow side-bezel

button, and then push the Clear lower-bezel button.

d. Select and clear the remaining addresses (Gateway IP, Subnet Mask,

and DNS IP Address).

e. Push the OK Accept

6. Clear the user and domain names as follows:

a. Push the Ethernet & LXI lower-bezel button.

b. Push the Change Names right-bezel button.

c. Clear the Host Name and Domain Name using the same method that

you used to clear the IP addresses.

right-bezel button.

Declassification and Security Instructions 11

d. Push the

OK Accept right-bezel button.

Built-In Security Features

The LAN system i
relevant LAN Ethernet settings are also cleared.

Disable the USB Device Port

To disable the USB device port, follow these steps:

1. Remove any U
instrument.

2. Push the fr

3. Push the Utility Page lower-bezel button and use the Multipurpose a knob

to select

4. Push the USB lower-bezel button.

5. Push the Disabled (Off Bus) side-bezel button to disable the USB device port.

Note that the USB low er-bezel button shows “Disabled.” The USB device port is
disabled and no longer allows data traffic in or out.

Use the

MDO4SEC option to disable all I/O po rts

s disabled and no longer allows data traffic in or out. The

SB cable or device from the USB device port on the rear of the

ont-panel Utility button.

I/O.

If your instrument has the M DO4SEC option installed, use the following
procedure to turn off all of the I/O ports.

1. Push the front panel Utility button.

2. Push the Utility Page lower-bezel button and use the Multipurpose a knob to
select Security.

3. Push the Security Password lower-bezel button.

4. Use the Multipurpose knob to enter a password.

5. Push the I/O Ports lower-bezel button.

o disable all USB and Ethernet ports on the oscilloscope, push the OK

T
Disable All Ports on the side-bezel button.

ush the Menu Off front-panel button to close the dialog box.

6.P

7. Power off the o scilloscope, and then power it back on to complete the process.

To reset the instrument RAM, do the following:

1. Power off the instrument for at least 20 seconds.

2. Power on the instrument.

12 Declassification and Security Instructions

Clear and S anitize a Nonfunctional Instrument

If your instrument is not functioning and you need to clear or sanitize it, proceed
as follows:

NOTE. The An

Please contact Tektronix before returning your instrument.

1. Remove the
internal policies regarding handling or disposal of the flash drive.

2. Remove th
refer to the Service manual f or the instrument, which is available o n the
Tektronix Web site at www.tektronix.com/manuals. Refer to your company's
internal policies regarding handling or disposal of the board.

3. Return the o scilloscope to Tektronix. A new Main board will be installed,
and the oscilloscope will be repaired. The oscilloscope will be adjusted as
necessary, which includes adjusting (calibrating) the new Main board and
the Analog board together.

4. Replacement of any missing hardware will be charged according to the rate
at the time of replacement.

alog board must be calibrated with the Main board by Tektronix.

USB flash drive from your oscilloscope. Refer to your company's

e Main board from your oscilloscope. For removal instructions,

Declassification and Security Instructions 13