rtaylor@tron.UUCP (Randy Taylor) (05/21/91)
Classified Apollos A program exists, called "erase_disk", and is available from HP/Apollo. Here is the document supplied with the the program (LONG) ----------------------------CUT HERE----------------------------------------- DECLASSIFICATION OF APOLLO EQUIPMENT Apollo does provide users who use Apollo equipment with the capability to perform device and memory declassification procedures. Users who wish to declassify subsystems on Apollo equipment can use the facilities of the Diagnostics Executive (DEX) product to perform declassification of all device types. At sites where declassification occurs often, users can create DEX command files to automatically perform the procedures outlined below, or specify any other procedure deemed necessary and approved by the Accrediting Authority. RANDOM ACCESS MEMORY The standard requirement to declassify random access memory in systems processing up to and including TOP SECRET data is to cycle the power to it twice (turn off, wait 1 minute, turn on, wait for startup-diagnostics to complete, turn off). There is no backup memory power for RAM in Apollo systems, so this method will cause randomization and initialization of all random-access memory locations. In the event that more sensitive information is being processed, or if the accrediting agency is more stringent, other methods may be required. One requirement in existance for sensitive information is that every physical memory location be over-written 1000 times with random or unclassified bit patterns. This requirement, or variations on it, can be satisfied using the Diagnostic Executive (DEX) program. The memory diagnostic module will support declassification by permitting the user to overwrite every location in memory a user-specified number of times. The procedure is provided below: 1. Obtain the Mnemonic Debugger (MD) prompt. This can be done by issuing the 'SHUT' display manager or boot shell command or by powering the node up while in Service mode. 2. > EX DEX the computer will respond with identification information, then the DEX prompt; DEX> 3. Declassify the area of memory above the DEX software: DEX> RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @ { DEX will insert some identification information here } _> $00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555 4. DEX will then list the memory configuration of the system and ask if you want to restrict the address range to be tested. Enter 'N' for no. 5. DEX will then warn you that it cannot test certain ranges of memory, then starts the test on the remainder of memory available. This is because those parts of memory are occupied by DEX and the memory test programs: ENTERING "MEM.DEX.1" %WARNING: CANNOT TEST RANGE $01000000 TO $010007FF - (MEM.DEX/MCR) %WARNING: CANNOT TEST RANGE $01000800 TO $010447FF - (MEM.DEX/MCR) ... Note the lowest and the highest address in this list (in this case, $01000000 and $010447FF). 6. When the test completes, relocate the DEX system to the highest available memory locations: DEX> RELOC -HIGH 7. Repeat step 3. 8. In response to the query regarding restricting the address range, either answer 'N' as before, or save some time by restricting the memory to be tested to just those areas previously occupied by DEX: RESTRICT ADDRESS RANGE (Y, N) <N>: Y RESTRICTION BY BOARD # OR ADDRESS RANGE (B, R, N) <B>: R LOW RANGE ADDRESS TO TEST <$0>: $01000000 { using above data } HIGH RANGE ADDRESS TO TEST <$0>: $010447FF { using above data } LOW RANGE ADDRESS TO TEST <$0> : .. .. Note that the address range $01000000 TO $010007FF cannot be cleared using this method. This area of physical memory is reserved for the mnemonic debugger work space, and therefore is not available for use by either the operating system or any user. Because of its' restricted use, there is little or no risk that classified information will be stored in that memory page. The MD command TE will cause this area to be overwritten, and powering the node down will cause this page of memory to be 'randomized'. MAGNETIC REMOVABLE MEDIA It is recommended that media in this category, including 1/2" magnetic tape, floppy diskettes, and cartridge tapes, be either declassified using an NSA-approved degaussing device, or be destroyed in accordance with the appropriate service and/or DoD regulation(s). The use of a approved degaussing device is much more economic, saves wear and tear on the system peripherals, and is considered to present less of a security risk than using program-driven declassification tools. The procedure below outlines a DEX procedure to declassify floppy diskettes. Similar procedures can be performed on 1/2" tape magnetic tape and cartridge tape media, if necessary. The Diagnostic Executive (DEX) can be used to declassify floppy diskettes in accordance with Department of Defense Directive 5200.28. The procedure to accomplish this is as follows: 1. Obtain the Memnomic Debugger (MD) prompt. This can be done by issuing the 'SHUT' display manager or boot shell command or by powering the node up while in Service mode. 2. > EX DEX the computer will respond with identification information, then the DEX prompt; DEX> 3. DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $FFFF 4. DEX will warn you that the operation will destroy the contents of the disk, and ask you if you want to continue. Enter 'Y'. DEX will then execute the diagnostic. Ignore any bad spot errors reported. When complete, DEX will issue the DEX prompt. 5. Repeat steps 3 and 4, changing the pattern written to 0: DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $0 6. Repeat steps 3 and 4, changing the pattern argument to any random value: DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -RANDOM The diskette has now been declassified. WINCHESTER AND STORAGE MODULE DEVICES Like memory and floppy diskettes, Winchester and Storage Module Devices can be declassified using the Diagnostic Executive (DEX) utility if the procedure is approved by the Accrediting Authority. The procedure below meets the requirements of DoD Directive 5200.28. The user should be warned that some Accrediting Authorities WILL NOT accept any form of declassification and require that the device be destroyed. The procedure for declassification of a winchester disk or storage module follows: 1. Obtain the Mnemonic Debugger (MD) prompt. This can be done by issuing the 'SHUT' display manager or boot shell command or by powering the node up while in Service mode. 2. > EX DEX the computer will respond with identification information, then the DEX prompt; DEX> 3. Start the DEX write/read/verify test. For information on how to specify different disk devices on a multi-disk system, read the DEX manual, or use the DEX help facility to determine the arguments required. DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $FFFF {-controller x -drive y} 4. DEX will warn you that the operation will destroy the contents of the disk, and ask you if you want to continue. Enter 'Y'. DEX will then execute the diagnostic. Ignore any bad spot errors reported. When complete, DEX will issue the DEX prompt. 5. Repeat steps 3 and 4, changing the pattern written to 0: DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $0 6. Repeat steps 3 and 4, changing the pattern argument to any random value: DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -RANDOM The disk has now been declassified. --------------------------------------------------------------------------------- Command File Examples: create directory /sau_sys/declass create file /sau_sys/declass/dmem.cmd: INPUT -CMD RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @ $00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555 N RELOC -HIGH RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @ $00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555 TYPE 'MEMORY DECLASSIFICATION COMPLETE' --- Create a link in each of the SAU[1-10] directories to this file: /com/crl /sau[1-10]/dmem.cmd /sau_sys/declass/dmem.cmd -r Memory declassification can now be accomplished by entering the following command at the DEX prompt: DEX> DO dmem ----------------------------CUT HERE----------------------------------------- Check with your local Apollo rep - they should be aware of "erase_disk". Randy Taylor DISCLAIMER : Any opinions expressed here ARE MY OWN, not those of my employer. -- rtaylor@sky00.bwi.wec.com from an Internet site (preferred) rtaylor@tron.bwi.wec.com from an Internet site (alternate) "...you know I have the greatest enthusiam for the mission." HAL 9000