Tektronix 6 Series B Mixed Signal Oscilloscopes Instruction Manual

Table of Contents

6 Series B Mixed Signal OscilloscopesDeclassification and Security Instructions(MSO64B, MSO66B, MSO68B)

Warning: The servicing instructions are for use by qualified personnel only. To avoid personal injury, do not perform any servicing unless you are qualified to do so. Refer to all safety summaries prior to performing service. Supports Product Firmware V1.28 and above

Register now!

Click the following link to protect your product. www.tek.com/register

077-1694-00

Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are protected by national copyright laws and international treaty provisions. Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Specifications and price change privileges reserved.

TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.Tektronix, Inc. 14150 SW Karl Braun Drive P.O. Box 500 Beaverton, OR 97077USAFor product information, sales, service, and technical support:

In North America, call 1-800-833-9200.
Worldwide, visit www.tek.com to find contacts in your area.

6 Series B Mixed Signal Oscilloscopes Declassification and Security Instructions

Preface

This document helps customers with data security concerns to sanitize or remove memory devices from their instruments.This series of instruments contains an open architecture PC with removable mass storage. You can order additional removable mass storage devices to swap in and out of the instrument as needed for security reasons.These products have data storage (memory) devices and data export interfaces (USB ports, Ethernet, and eSATA). These instructions describe how to clear or sanitize the memory devices and disable the data output interfaces. The instructions also describe how to declassify an instrument that is not functioning.

ReferenceThe procedures in this document are written to meet the requirements specified in:

NISPOM, DoD 5220.22–M, Chapter 8
INFO Process Manual for Certification & Accreditation of Classified Systems under NISPOM

Products

The following Tektronix products are covered by this document:

MSO64B
MSO66B
MSO68B

Terms

The following terms may be used in this document:

Clear. This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to deny access to previously stored information by standard means of access.
Erase. This is equivalent to clear.
Media. Storage/data export device. A device that is used to store or export data from the instrument, such as a USB port/USB flash drive.
Sanitize. This removes the data from media/memory so that the data cannot be recovered using any known technology. This is typically used when the device will be moved (temporarily or permanently) from a secured area to a nonsecured area.
Scrub. This is equivalent to sanitizing.
Remove. This is a physical means to clear the data by removing the memory device from the instrument. Instructions are available in the product service manual.
User Accessible. The user is able to directly retrieve the memory device contents.
User-Modifiable. The memory device can be written to by the user during normal instrument operation, using the instrument user interface or remote control.
Volatile memory. Data is lost when the instrument is powered off.
Non-user-accessible memory. Data is retained when the instrument is powered off.
Power off. Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For the purpose of clearing data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must remove the power source from the instrument.
Instrument Declassification. A term that refers to procedures that must be undertaken before an instrument can be removed from a secure environment. Declassification procedures include memory sanitization and memory removal, and sometimes both.

Clear and sanitize procedure

Memory device table terminology

The following terms are used in the tables in this section:

User data. Describes the type of information stored in the device. Refers to waveforms or other measurement data representing signals connected to the instrument by users.
User settings. Describes the type of information stored in the device. Refers to instrument settings that can be changed by the user.
Both. Describes the type of information stored in the device. It means that both user data and user settings are stored in the device.
None. Describes the type of information stored in the device. It means that neither user data or user settings are stored in the device.
Directly. Describes how data is modified. It means that the user can modify the data.
Indirectly. Describes how data is modified. It means that the instrument system resources modify the data and that the user cannot modify the data.

Memory devices

The following tables list the memory devices in the instrument.Table 1: Volatile memory

Type & min. size	Function	Type of user info stored	Backed up by battery?	Method of modification	Data Input method	Location	User accessible	To clear	To sanitize
SDRAM ≥ 32 GB	Host processor memory	Both	No	Directly	Written by processor system	Module socket (SODIMM) on processor module board	Yes	Remove power from the instrument for a minimum of 30 seconds.	Remove power from the instrument for a minimum of 30 seconds.
SDRAM ≥4 GB	Holds active acquisition data	User data	No	Indirectly	Applicatio n software operations	Module socket (SODIMM) on acquisition board	No	Remove power from the instrument for a minimum of 30 seconds.	Remove power from the instrument for a minimum of 30 seconds.
SDRAM ≥512 MB	Holds video graphics data	User data	No	Indirectly	Applicatio n software operations	Acquisitio n board	No	Remove power from the instrument for a minimum of 30 seconds.	Remove power from the instrument for a minimum of 30 seconds.
CMOS RAM ≥256 Bytes	Holds clock and BIOS configurati on data	None	Yes	Indirectly	BIOS operations	Processor module board	Yes	Remove power from the instrument and press the CMOS clear button for a minimum of 30 seconds.	Remove power from the instrument and press the CMOS clear button for a minimum of 30 seconds.

Table 2: Non-user-accessible memory

Type & min. size	Function	Type of user info stored	Method of modification	Data Input method	Location	User accessible	To clear	To sanitize
Linux Solid State Drive ≥256 GB	Host instrumentLinux operatingsystem andapplicationsoftware.Holds user-storabledata such aswaveforms,measurement results, andinstrumentsettings.	Both	Directly	Written byprocessorsystem,softwareoperations,user input	2.5″ SSD that is removable and is inserted in the socket on the bottom of the instrument.	Yes	Run theTekSecurefunction.SeeClearing the Linux SSD on page 9 .	Remove the SSD assembly from the instrument through the trap door in the bottom of the instrument.
EEPROM≥2 Kbit	Stores factory data, maintenance data, and user password	User settings User password is settable using PI commands	Indirect	Factory operations and programmatic commands	Acquisition board	Yes	Overwrite user password. (see Overwriting the user password on page 8 .) Clearing the entire memory device would disable instrument functionality.	Overwrite user password. (see Overwriting the user password on page 8 .) Sanitizing entire memory device would disable instrument functionality.
EEPROM ≥2 Kbit	Holds AFG calibration data	None	Indirect	Factory operations	AFG riser board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
EEPROM ≥64 Kbit	Holds the front panel USBconfiguration	None	None	Factory operations	Front panel LED board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
EEPROM ≥1 Kb depending on model	Holds the SODIMMmemory configuration data (SPD)	None	None	Factory operations	Module socket (SODIMM) on processor module board and module socket (SODIMM) on acquisition board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory ≥16 Mbit Two pieces	Holds a portion of the Acquisition FPGAconfiguration n	None	Indirect	Application software operations	Acquisition board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory ≥128 Mbit	Stores processor BIOS firmware, BIOS configuration n, and embedded controller firmware. The Ethernet MAC address is stored in this device.	None	Indirect	BIOS operations, operating system operations, and factory operations	Processor module board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory Unspecified size, three pieces	Stores power supply configuratio n data	None	Indirect	Application software operations	Internal to the UCD9248 power supply controller on the acquisition board and processor carrier board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory ≥32 KB	Stores power management controller firmware	None	Indirect	Application software operations	Internal to the MC9S08 microcontrol ler on the acquisition board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory ≥64 KB one piece	Stores analog board microcontroller firmware	None	Indirect	Application software operations	Internal to the MKL14 microcontroller on the analog board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
FLASH Memory on-chip 128KB and 32KB SRAM	Processor drives an EMMC NAND flash part that is 4 GB of memory and stores the factory calibration and licensing information	None	Indirect	Application software operations	MKL27 microcontrol ler on the front panel board. MKL02 parts on the front-end acquisition board. They each have 32KB on- chip FLASH. There is one MKL02 per channel.	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.
Flash Memory ≥0.33 Mbit	Stores the processor carrier FPGA configuration n	None	None	Factory operations	Internal to the LCMXO2 FPGA on the processor carrier board	No	Not applicable, does not contain user data or settings. Clearing would disable instrument functionality.	Not applicable, does not contain user data or settings. Sanitizing would disable instrument functionality.

Media and data export devicesThe following table lists the data export devices in the instrument.

Table 3: Media and Data export devices

Type	Function	Method of modification	Data input method	Location	User accessible	To disable
USB Host port (supports removable USB flash drive)	User storage of reference waveforms, screen images, and instrument setups, and installation of firmware updates	Directly	User writeable	Three USB host ports on the front panel of the instrument; four USB host ports on the back panel of the instrument	No	USB Host ports can be disabled for use with USB Storage devices behind password control. Note: This option is available if Option 6-SEC is installed.
USB Device port	Supports remote control and data transfer to a PC	Directly	Remote control using USBTMC	USB Device port on the back of the instrument	Yes	The USB Device port can be disabled by selecting Utility > I/O > USB DevicePort and setting the USB Device port to Off.
Note: This option is available if Option 6-SEC is installed.
Ethernet	Transfer data and remote control of the instrument.	Directly	Remote Control using LXI or Socket Server	Ethernet port on the back of the instrument	No	Ethernet port can be disabled behind password control Note: This option is available if Option 6-SEC is installed.

Option 6-SEC for a secure instrumentOption 6-SEC provides the highest level of instrument security for 6 Series B MSO products. Option 6-SEC features include:

Password protection to enable/disable external communication ports
Password protection to enable/disable firmware upgrades or downgrades
There is also a special BIOS installed that includes a default password (“Tektronix”). Additionally when the CMOS reset is pressed the BIOS password is reset to “Tektronix” instead of being removed.

Note: Option 6-SEC must be ordered at the same time as ordering an instrument.

Overwriting the user password

Use this procedure to change the user password. The user password is not currently functional or accessible in the oscilloscope user interface, but it is accessible from the programmatic interface. The user password is used to protect a “user string” that can be set and displayed in the UI. This functionality is a legacy functionality and while the user password does exist through the programmatic interface, there is no function to display the user string in the user interface on this instrument.

Connect a PC to the oscilloscope (Ethernet or USB Device port).
Use a Windows remote terminal or a similar program to communicate with the oscilloscope. Tap the Utility > I/O menu on the oscilloscope to see the current instrument settings.
Send the following commands to the oscilloscope:

a: PASSWORD “XYZZY” (or current password if changed from the default of “XYZZY”)b.:NEW PASS “NEW PASSWORD” (Or other passwords up to 16 characters)If you do not have access to a program that supports sending programmatic commands to the instrument, do the following:

Copy the preceding commands to a text file.
Compress the text file into a ZIP archive file that ends in “.set”.
Copy the file to a USB drive.
Insert the USB drive into the oscilloscope.
Recall the file from the Recall Setup dialog box (File > Recall > Setup tab).For more information on using programmatic commands, refer to your product programmer manual, available at www.tek.com/manuals.

Clearing or sanitizing SSDs

Clearing means that all customer-generated data in reusable memory (acquisition records, settings, measurements, screen captures, reports, and so on) is modified such that the data cannot be recovered using standard means of access. Standard means of access include typical OS file utilities. The data may still be on the memory device, but requires specialized software and/or hardware to recover. You typically clear an instrument when you want to erase files to clear space or turn the instrument over to another person or department.

Sanitizing means that all data in reusable memory is changed or overwritten such that the original data is no longer in memory, and the older data cannot be recovered using any known technology. You typically do a sanitize operation when you move an instrument (temporarily or permanently) from a secured area to a nonsecured area.To clean the Linux SSD, see Clearing the Linux SSD on page 9.To sanitize the Linux SSD, see Sanitizing the SSD on page 9.

Clearing the Linux SSD

The fastest way to clear the user-accessible memory is to run the TekSecure function. The TekSecure function writes all zeros in the user-data partition of the Linux SSD, and then reloads the partition with the necessary factory default files and directories.You can continue using the oscilloscope after running TekSecure, as TekSecure does not erase or change the operating system, factory calibration constants, Ethernet settings, or Demo setups.To run the TekSecure application:

Tap Utility > Security on the oscilloscope Menu bar.
Tap Run SQE Tests TekSecure to start the process. The process takes up to 10 minutes to run.

Note: As the SQE Tests TekSecure function overwrites data in the user-data partition of the SSD, and the old data cannot be recovered by known technology, then running SQE Tests TekSecure may meet your organizations needs for sanitizing and retaining a working instrument. Your organization must make this decision based on the fact that the other partitions on the SSD retain their data and files after running SQE Tests TekSecure.

Sanitizing the SSDThe instrument does not have any function to sanitize the entire SSD and retain instrument operation.

Troubleshooting

How to sanitize a non-functional instrument

If your instrument is not functioning, proceed as follows to sanitize the instrument to return to Tektronix for repair

Remove any attached USB flash drives or external USB drives from your oscilloscope. Refer to your company’s internalpolicies regarding handling or disposal of the flash drives.
Follow your company’s internal policies regarding the handling or disposal of these boards.
Reassemble the oscilloscope and return it to Tektronix. New boards will be installed. The oscilloscope will be calibratedand returned.

Note: Replacement of any missing or damaged hardware will be charged according to the rate at the time of replacement.

Repair chargesReplacement of any missing hardware will be charged according to the rate at the time of replacement.

Changelog

report this ad

6 Series B MSO Declassification and Security Instructions document changelog

Document part number	Revision date	Change description
–
–
–
–
–

References

[xyz-ips snippet=”download-snippet”]

Posted

2023-02-01

Tektronix

admin

Tags:

6-Series, B Mixed, Declassification, MSO64B, MSO66B, MSO68B, Oscilloscopes, security, Signal, Tektronix