rtaylor@tron.UUCP (Randy Taylor) (05/21/91)
Classified Apollos
A program exists, called "erase_disk", and is available from HP/Apollo.
Here is the document supplied with the the program (LONG)
----------------------------CUT HERE-----------------------------------------
DECLASSIFICATION OF APOLLO EQUIPMENT
Apollo does provide users who use Apollo equipment with the capability to
perform device and memory declassification procedures. Users who wish to
declassify subsystems on Apollo equipment can use the facilities of the
Diagnostics Executive (DEX) product to perform declassification of all device
types. At sites where declassification occurs often, users can create DEX
command files to automatically perform the procedures outlined below, or specify
any other procedure deemed necessary and approved by the Accrediting Authority.
RANDOM ACCESS MEMORY
The standard requirement to declassify random access memory in systems
processing up to and including TOP SECRET data is to cycle the power to it twice
(turn off, wait 1 minute, turn on, wait for startup-diagnostics to complete,
turn off). There is no backup memory power for RAM in Apollo systems, so this
method will cause randomization and initialization of all random-access memory
locations.
In the event that more sensitive information is being processed, or if the
accrediting agency is more stringent, other methods may be required. One
requirement in existance for sensitive information is that every physical memory
location be over-written 1000 times with random or unclassified bit patterns.
This requirement, or variations on it, can be satisfied using the Diagnostic
Executive (DEX) program. The memory diagnostic module will support
declassification by permitting the user to overwrite every location in memory a
user-specified number of times. The procedure is provided below:
1. Obtain the Mnemonic Debugger (MD) prompt. This can be done by issuing the
'SHUT' display manager or boot shell command or by powering the node up while in
Service mode.
2. > EX DEX
the computer will respond with identification information, then the
DEX prompt; DEX>
3. Declassify the area of memory above the DEX software:
DEX> RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @
{ DEX will insert some identification information here }
_> $00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555
4. DEX will then list the memory configuration of the system and ask if you
want to restrict the address range to be tested. Enter 'N' for no.
5. DEX will then warn you that it cannot test certain ranges of memory, then
starts the test on the remainder of memory available. This is because those
parts of memory are occupied by DEX and the memory test programs:
ENTERING "MEM.DEX.1"
%WARNING: CANNOT TEST RANGE $01000000 TO $010007FF - (MEM.DEX/MCR)
%WARNING: CANNOT TEST RANGE $01000800 TO $010447FF - (MEM.DEX/MCR)
...
Note the lowest and the highest address in this list (in this case, $01000000 and
$010447FF).
6. When the test completes, relocate the DEX system to the highest available
memory locations:
DEX> RELOC -HIGH
7. Repeat step 3.
8. In response to the query regarding restricting the address range,
either answer 'N' as before, or save some time by restricting the memory to
be tested to just those areas previously occupied by DEX:
RESTRICT ADDRESS RANGE (Y, N) <N>: Y
RESTRICTION BY BOARD # OR ADDRESS RANGE (B, R, N) <B>: R
LOW RANGE ADDRESS TO TEST <$0>: $01000000 { using above data }
HIGH RANGE ADDRESS TO TEST <$0>: $010447FF { using above data }
LOW RANGE ADDRESS TO TEST <$0> :
..
..
Note that the address range $01000000 TO $010007FF cannot be cleared using
this method. This area of physical memory is reserved for the mnemonic
debugger work space, and therefore is not available for use by either the
operating system or any user. Because of its' restricted use, there is
little or no risk that classified information will be stored in that memory
page. The MD command TE will cause this area to be overwritten, and
powering the node down will cause this page of memory to be 'randomized'.
MAGNETIC REMOVABLE MEDIA
It is recommended that media in this category, including 1/2" magnetic
tape, floppy diskettes, and cartridge tapes, be either declassified using an
NSA-approved degaussing device, or be destroyed in accordance with the
appropriate service and/or DoD regulation(s). The use of a approved degaussing
device is much more economic, saves wear and tear on the system peripherals, and
is considered to present less of a security risk than using program-driven
declassification tools. The procedure below outlines a DEX procedure to
declassify floppy diskettes. Similar procedures can be performed on 1/2"
tape magnetic tape and cartridge tape media, if necessary.
The Diagnostic Executive (DEX) can be used to declassify floppy diskettes in
accordance with Department of Defense Directive 5200.28. The procedure to
accomplish this is as follows:
1. Obtain the Memnomic Debugger (MD) prompt. This can be done by issuing the
'SHUT' display manager or boot shell command or by powering the node up while in
Service mode.
2. > EX DEX
the computer will respond with identification information, then the
DEX prompt; DEX>
3. DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $FFFF
4. DEX will warn you that the operation will destroy the contents of the disk,
and ask you if you want to continue. Enter 'Y'. DEX will then execute the
diagnostic. Ignore any bad spot errors reported. When complete, DEX will
issue the DEX prompt.
5. Repeat steps 3 and 4, changing the pattern written to 0:
DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $0
6. Repeat steps 3 and 4, changing the pattern argument to any random value:
DEX> RUN FLP 10 -ENTIRE -NOBADSPOTS -WRITE -RANDOM
The diskette has now been declassified.
WINCHESTER AND STORAGE MODULE DEVICES
Like memory and floppy diskettes, Winchester and Storage Module Devices can
be declassified using the Diagnostic Executive (DEX) utility if the procedure is
approved by the Accrediting Authority. The procedure below meets the
requirements of DoD Directive 5200.28. The user should be warned that some
Accrediting Authorities WILL NOT accept any form of declassification and require
that the device be destroyed.
The procedure for declassification of a winchester disk or storage
module follows:
1. Obtain the Mnemonic Debugger (MD) prompt. This can be done by issuing the
'SHUT' display manager or boot shell command or by powering the node up while in
Service mode.
2. > EX DEX
the computer will respond with identification information, then the
DEX prompt; DEX>
3. Start the DEX write/read/verify test. For information on how to specify
different disk devices on a multi-disk system, read the DEX manual, or use the
DEX help facility to determine the arguments required.
DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $FFFF {-controller x -drive y}
4. DEX will warn you that the operation will destroy the contents of the disk,
and ask you if you want to continue. Enter 'Y'. DEX will then execute the
diagnostic. Ignore any bad spot errors reported. When complete, DEX will
issue the DEX prompt.
5. Repeat steps 3 and 4, changing the pattern written to 0:
DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -PAT $0
6. Repeat steps 3 and 4, changing the pattern argument to any random value:
DEX> RUN WIN 10 -ENTIRE -NOBADSPOTS -WRITE -RANDOM
The disk has now been declassified.
---------------------------------------------------------------------------------
Command File Examples:
create directory /sau_sys/declass
create file /sau_sys/declass/dmem.cmd:
INPUT -CMD
RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @
$00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555
N
RELOC -HIGH
RUN MEM 100 -PASS 100 -PAT $FFFFFFFF 0 $AAAAAAAA $55555555 @
$00FF00FF $FF00FF00 $FFFFFFFF 0 $AAAAAAAA $55555555
TYPE 'MEMORY DECLASSIFICATION COMPLETE'
---
Create a link in each of the SAU[1-10] directories to this file:
/com/crl /sau[1-10]/dmem.cmd /sau_sys/declass/dmem.cmd -r
Memory declassification can now be accomplished by entering the
following command at the DEX prompt:
DEX> DO dmem
----------------------------CUT HERE-----------------------------------------
Check with your local Apollo rep - they should be aware of "erase_disk".
Randy Taylor
DISCLAIMER : Any opinions expressed here ARE MY OWN, not those of my
employer.
--
rtaylor@sky00.bwi.wec.com from an Internet site (preferred)
rtaylor@tron.bwi.wec.com from an Internet site (alternate)
"...you know I have the greatest enthusiam for the mission." HAL 9000