Tektronix 6 Series B Mixed Signal Oscilloscopes Instruction Manual

6 Series B Mixed Signal OscilloscopesDeclassification and Security Instructions(MSO64B, MSO66B, MSO68B)

Warning: The servicing instructions are for use by qualified personnel only. To avoid personal injury, do not perform any servicing unless you are qualified to do so. Refer to all safety summaries prior to performing service. Supports Product Firmware V1.28 and above

Register now!

Click the following link to protect your product. www.tek.com/register

077-1694-00

Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by national copyright laws and international treaty provisions. Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Specifications and price change privileges reserved.

TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.Tektronix, Inc. 14150 SW Karl Braun Drive P.O. Box 500 Beaverton, OR 97077USAFor product information, sales, service, and technical support:

  • In North America, call 1-800-833-9200.
  • Worldwide, visit www.tek.com to find contacts in your area.

6 Series B Mixed Signal Oscilloscopes Declassification and Security Instructions

Preface

This document helps customers with data security concerns to sanitize or remove memory devices from their instruments.This series of instruments contains an open architecture PC with removable mass storage. You can order additional removable mass storage devices to swap in and out of the instrument as needed for security reasons.These products have data storage (memory) devices and data export interfaces (USB ports, Ethernet, and eSATA). These instructions describe how to clear or sanitize the memory devices and disable the data output interfaces. The instructions also describe how to declassify an instrument that is not functioning.

ReferenceThe procedures in this document are written to meet the requirements specified in:

  • NISPOM, DoD 5220.22–M, Chapter 8
  • INFO Process Manual for Certification & Accreditation of Classified Systems under NISPOM

Products

The following Tektronix products are covered by this document:

  • MSO64B
  • MSO66B
  • MSO68B

Terms

The following terms may be used in this document:

  • Clear. This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to deny access to previously stored information by standard means of access.
  • Erase. This is equivalent to clear.
  • Media. Storage/data export device. A device that is used to store or export data from the instrument, such as a USB port/USB flash drive.
  • Sanitize. This removes the data from media/memory so that the data cannot be recovered using any known technology. This is typically used when the device will be moved (temporarily or permanently) from a secured area to a nonsecured area.
  • Scrub. This is equivalent to sanitizing.
  • Remove. This is a physical means to clear the data by removing the memory device from the instrument. Instructions are available in the product service manual.
  • User Accessible. The user is able to directly retrieve the memory device contents.
  • User-Modifiable. The memory device can be written to by the user during normal instrument operation, using the instrument user interface or remote control.
  • Volatile memory. Data is lost when the instrument is powered off.
  • Non-user-accessible memory. Data is retained when the instrument is powered off.
  • Power off. Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For the purpose of clearing data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must remove the power source from the instrument.
  • Instrument Declassification. A term that refers to procedures that must be undertaken before an instrument can be removed from a secure environment. Declassification procedures include memory sanitization and memory removal, and sometimes both.

Clear and sanitize procedure

Memory device table terminology

The following terms are used in the tables in this section:

  • User data. Describes the type of information stored in the device. Refers to waveforms or other measurement data representing signals connected to the instrument by users.
  • User settings. Describes the type of information stored in the device. Refers to instrument settings that can be changed by the user.
  • Both. Describes the type of information stored in the device. It means that both user data and user settings are stored in the device.
  • None. Describes the type of information stored in the device. It means that neither user data or user settings are stored in the device.
  • Directly. Describes how data is modified. It means that the user can modify the data.
  • Indirectly. Describes how data is modified. It means that the instrument system resources modify the data and that the user cannot modify the data.

Memory devices

The following tables list the memory devices in the instrument.Table 1: Volatile memory

Type & min. size Function Type of user info stored Backed up by battery? Method of modification Data Input method Location User accessible To clear To sanitize
SDRAM

≥ 32 GB

Host processor memory Both No Directly Written by processor system Module socket (SODIMM)

on processor module board

Yes Remove power from the instrument for a minimum of 30 seconds. Remove power from the instrument for a minimum of 30 seconds.
SDRAM

≥4 GB

Holds active acquisition data User data No Indirectly Applicatio n software operations Module socket (SODIMM)

on acquisition board

No Remove power from the instrument for a minimum of 30 seconds. Remove power from the instrument for a minimum of 30 seconds.
SDRAM

≥512 MB

Holds video graphics data User data No Indirectly Applicatio n software operations Acquisitio n board No Remove power from the instrument for a minimum of 30 seconds. Remove power from the instrument for a minimum of 30 seconds.
CMOS RAM

≥256

Bytes

Holds clock and BIOS

configurati on data

None Yes Indirectly BIOS

operations

Processor module board Yes Remove power from the instrument and press the CMOS clear button for a minimum of 30 seconds. Remove power from the instrument and press the CMOS clear button for a minimum of 30 seconds.

Table 2: Non-user-accessible memory

Type & min. size Function Type of user info stored Method of modification Data Input method Location User accessible To clear To sanitize
Linux Solid State Drive ≥256 GB Host instrumentLinux operatingsystem andapplicationsoftware.Holds user-storabledata such aswaveforms,measurement results, andinstrumentsettings. Both Directly Written byprocessorsystem,softwareoperations,user input 2.5″ SSD

that is removable and is inserted in the socket on the bottom of the instrument.

Yes Run theTekSecurefunction.SeeClearing the

Linux SSD

on page 9

.

Remove the

SSD

assembly

from the

instrument

through the

trap door in

the bottom

of the

instrument.

EEPROM≥2 Kbit Stores factory data, maintenance data, and user password User settings User password is settable using PI commands Indirect Factory operations and programmatic commands Acquisition board Yes Overwrite user password. (see Overwriting the user password on page 8

.) Clearing the entire memory device would disable instrument functionality.

Overwrite user password. (see Overwriting the user password on page 8

.) Sanitizing entire memory device would disable instrument functionality.

EEPROM

≥2 Kbit

Holds AFG calibration data None Indirect Factory operations AFG riser board No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

EEPROM

≥64 Kbit

Holds the front panel USBconfiguration None None Factory operations Front panel LED board No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

EEPROM

≥1 Kb

depending on model

Holds the SODIMMmemory configuration data (SPD) None None Factory operations Module socket (SODIMM)

on processor module board and module socket (SODIMM)

on acquisition board

No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

≥16 Mbit Two pieces

Holds a portion of the Acquisition FPGAconfiguration n None Indirect Application software operations Acquisition board No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

≥128 Mbit

Stores processor BIOS

firmware, BIOS

configuration n, and embedded controller firmware. The Ethernet MAC

address is stored in this device.

None Indirect BIOS

operations, operating system operations, and factory operations

Processor module board No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

Unspecified size, three pieces

Stores power supply configuratio n data None Indirect Application software operations Internal to the UCD9248

power supply controller on the acquisition board and processor carrier board

No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

≥32 KB

Stores power management controller firmware None Indirect Application software operations Internal to the MC9S08

microcontrol ler on the acquisition board

No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

≥64 KB

one piece

Stores analog board microcontroller firmware None Indirect Application software operations Internal to the MKL14 microcontroller on the analog board No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

FLASH

Memory on-chip 128KB and 32KB SRAM

Processor drives an EMMC

NAND flash part that is 4 GB of memory and stores the factory calibration and licensing information

None Indirect Application software operations MKL27

microcontrol ler on the front panel board.

MKL02

parts on the front-end acquisition board. They each have 32KB on-

chip FLASH.

There is one MKL02 per channel.

No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Flash Memory

≥0.33 Mbit

Stores the processor carrier FPGA

configuration n

None None Factory operations Internal to the LCMXO2

FPGA on the processor carrier board

No Not applicable, does not contain user data or settings.

Clearing would disable instrument functionality.

Not applicable, does not contain user data or settings.

Sanitizing would disable instrument functionality.

Media and data export devicesThe following table lists the data export devices in the instrument.

Table 3: Media and Data export devices

Type Function Method of modification Data input method Location User accessible

To disable

USB Host port

(supports removable USB flash drive)

User storage of reference waveforms, screen images, and instrument setups, and installation of firmware updates Directly User writeable Three USB host ports on the front panel of the instrument; four USB host ports on the back panel of the instrument No USB Host ports can be disabled for use with USB Storage devices behind password control.

Note: This option is available if Option 6-SEC is installed.

USB Device port Supports remote control and data transfer to a PC Directly Remote control using USBTMC USB Device port on the back of the instrument Yes The USB Device port can be disabled by selecting Utility > I/O > USB DevicePort and setting the USB Device port to Off.
Note: This option is available if Option 6-SEC is installed.
Ethernet Transfer data and remote control of the instrument. Directly Remote Control using LXI or Socket Server Ethernet port on the back of the instrument No Ethernet port can be disabled behind password control

Note: This option is available if Option 6-SEC is installed.

Option 6-SEC for a secure instrumentOption 6-SEC provides the highest level of instrument security for 6 Series B MSO products. Option 6-SEC features include:

  • Password protection to enable/disable external communication ports
  • Password protection to enable/disable firmware upgrades or downgrades
  • There is also a special BIOS installed that includes a default password (“Tektronix”). Additionally when the CMOS reset is pressed the BIOS password is reset to “Tektronix” instead of being removed.

Note: Option 6-SEC must be ordered at the same time as ordering an instrument.

Overwriting the user password

Use this procedure to change the user password. The user password is not currently functional or accessible in the oscilloscope user interface, but it is accessible from the programmatic interface. The user password is used to protect a “user string” that can be set and displayed in the UI. This functionality is a legacy functionality and while the user password does exist through the programmatic interface, there is no function to display the user string in the user interface on this instrument.

  1. Connect a PC to the oscilloscope (Ethernet or USB Device port).
  2. Use a Windows remote terminal or a similar program to communicate with the oscilloscope. Tap the Utility > I/O menu on the oscilloscope to see the current instrument settings.
  3. Send the following commands to the oscilloscope:

a: PASSWORD “XYZZY” (or current password if changed from the default of “XYZZY”)b.:NEW PASS “NEW PASSWORD” (Or other passwords up to 16 characters)If you do not have access to a program that supports sending programmatic commands to the instrument, do the following:

  1. Copy the preceding commands to a text file.
  2. Compress the text file into a ZIP archive file that ends in “.set”.
  3. Copy the file to a USB drive.
  4. Insert the USB drive into the oscilloscope.
  5. Recall the file from the Recall Setup dialog box (File > Recall > Setup tab).For more information on using programmatic commands, refer to your product programmer manual, available at www.tek.com/manuals.

Clearing or sanitizing SSDs

Clearing means that all customer-generated data in reusable memory (acquisition records, settings, measurements, screen captures, reports, and so on) is modified such that the data cannot be recovered using standard means of access. Standard means of access include typical OS file utilities. The data may still be on the memory device, but requires specialized software and/or hardware to recover. You typically clear an instrument when you want to erase files to clear space or turn the instrument over to another person or department.

Sanitizing means that all data in reusable memory is changed or overwritten such that the original data is no longer in memory, and the older data cannot be recovered using any known technology. You typically do a sanitize operation when you move an instrument (temporarily or permanently) from a secured area to a nonsecured area.To clean the Linux SSD, see Clearing the Linux SSD on page 9.To sanitize the Linux SSD, see Sanitizing the SSD on page 9.

Clearing the Linux SSD

The fastest way to clear the user-accessible memory is to run the TekSecure function. The TekSecure function writes all zeros in the user-data partition of the Linux SSD, and then reloads the partition with the necessary factory default files and directories.You can continue using the oscilloscope after running TekSecure, as TekSecure does not erase or change the operating system, factory calibration constants, Ethernet settings, or Demo setups.To run the TekSecure application:

  1. Tap Utility > Security on the oscilloscope Menu bar.
  2. Tap Run SQE Tests TekSecure to start the process. The process takes up to 10 minutes to run.

Note: As the SQE Tests TekSecure function overwrites data in the user-data partition of the SSD, and the old data cannot be recovered by known technology, then running SQE Tests TekSecure may meet your organizations needs for sanitizing and retaining a working instrument. Your organization must make this decision based on the fact that the other partitions on the SSD retain their data and files after running SQE Tests TekSecure.

Sanitizing the SSDThe instrument does not have any function to sanitize the entire SSD and retain instrument operation.

Troubleshooting

How to sanitize a non-functional instrument

If your instrument is not functioning, proceed as follows to sanitize the instrument to return to Tektronix for repair

  1. Remove any attached USB flash drives or external USB drives from your oscilloscope. Refer to your company’s internalpolicies regarding handling or disposal of the flash drives.
  2. Follow your company’s internal policies regarding the handling or disposal of these boards.
  3. Reassemble the oscilloscope and return it to Tektronix. New boards will be installed. The oscilloscope will be calibratedand returned.

Note: Replacement of any missing or damaged hardware will be charged according to the rate at the time of replacement.

Repair chargesReplacement of any missing hardware will be charged according to the rate at the time of replacement.

Changelog

report this ad

6 Series B MSO Declassification and Security Instructions document changelog

Document part number Revision date Change description

References

[xyz-ips snippet=”download-snippet”]