Sanitization of Internal Memory

The concept of sanitizing a SecureSync unit refers to erasing usage data that may be stored in volatile and/or non-volatile memory, i.e. permanently eliminating any data that could be used to trace the unit's former usage. This data may include – but is not limited to – logs, configuration settings, IP addresses, passwords, GNSS geographic positioning data, and network-specific usage data.

The table below lists what data is stored in which memory, and how to sanitize the respective device. For additional information, contact Technical Support.

Data storage locations and sanitization options

Memory Device and Type	Volatile/ Non-Volatile	Size	User Mod	Function	Sanitization Options
Socketed Compact Flash Card	NV	1GB	Yes	Stores the main operating system, configuration parameters, and logs	1) Using Web UI functions to reset configuration parameters: - `Restore factory configuration, clean upgrade`: resets network configuration and GPS coordinates) - `Restore configuration` (retains network configurations and GPS coordinates) AND Change/delete network configurations and GPS coordinates (several ways) 2) Via CLI or front panel (clean, or cleanhalt) 3) Remove CF card (unit will no longer function)
Microprocessor (ETX)	V	512MB RAM	No	BIOS data is required for system operation.	Cleared on power loss.
NV	512 kB (4MBit) Flash	No	BIOS backed up by an onboard battery	The BIOS time/date is lost when the battery is removed.
Timing System (EEPROM)	NV	8kB	Yes and No	Some configuration data used by the timing system: - Status flags used in 8MB Flash. (changed during an upgrade process) - System uptime counter - Reference priority table (saved through power cycles) - GPS mode on startup - Oscillator DAC and calibration data.	None. These configuration parameters can be overwritten by the user, or will be automatically reset to factory default upon restore or clean (see above). None.
Timing System (Flash)	NV	8MB	No	The 8MB flash contains run-time and default firmware and FPGA images; this memory is utilized to store new images during normal operation.	There is no sanitization procedure available for the 8MB flash, but no user data is stored in this memory. It is only utilized to store the software and FPGA images.
Timing System (SDRAM)	V	8MB	No	FPGA V12	Data will be deleted during power down.
Timing System Microprocessor (Coldfire)	NV	512KB Flash	No	Contains the boot loader firmware and a compressed FPGA image.	This memory is not accessible during normal operation.
GNSS Receiver (Trimble SMT)	NV	4MB Flash	Yes/ No	GNSS position, mode, comm. protocols and upgrade files (if any).	Web UI functions: position clear, receiver mode reset
V	32MB SRAM	No	Satellite ephemeris and almanac data.	Power off
SAASM GPS Receiver (Trimble Force 22)	V	Battery backed RAM	Yes	Stores ephemeris and almanac data, run-time, any loaded encryption keys and positional information (lat., long. & alt.)	1) Zeroize function deletes only the encryption keys that may have been loaded. The receiver will continue to operated in commercial mode. Zeroize can also be performed via front panel Zeroize switch, or via Web UI, or via CLI command. 2) Emergency Zeroize function erases entire contents of RAM, including any encryption keys. This function can only be performed via Web UI or CLI command. 3) Power-off and battery removal is the same as Emergency Zeroize.
GB-GRAM Receiver	NV	Flash	No	Stores all loaded GPS receiver encryption keys.	As outlined above under SAASM GPS Receiver.
V	Battery backed RAM	No	Stores ephemeris and almanac data, run-time, and positional information (lat., long. & alt.)	1) As outlined above under SAASM GPS Receiver, but no zeroize via front panel switch. 2) Power off and battery removal is the same as Emergency Zeroize.
Multi-port Network Option Card	NV	1Mbit serial SPI Flash	No	Each network processor has dedicated, non user-accessible 1MB SPI Flash memory which stores the associated MAC address for each network port. The MAC address for each network port is pre-programmed at the factory. The MAC address cannot be erased without rendering the Option Card inoperable.	None, or remove and destroy.
PTP option cards	NV	EEPROM	No	Stores user settings that are used by the PTP microcontroller.	Same as any other configuration parameters accessible in the Web UI.
All other option cards with FPGA	NV	8Mbit serial SPI Flash	No	Stores a primary and backup FPGA image. These images re field-upgradeable but no other information is stored or accessible in this memory.	None, or remove and destroy.

Memory Device and Type

Volatile/ Non-Volatile

Size

User Mod

Function

Sanitization Options

Socketed Compact Flash Card

1GB

Yes

Stores the main operating system, configuration parameters, and logs

1) Using Web UI functions to reset configuration parameters:
- Restore factory configuration, clean upgrade: resets network configuration and GPS coordinates)
- Restore configuration (retains network configurations and GPS coordinates)
AND
Change/delete network configurations and GPS coordinates (several ways)
2) Via CLI or front panel (clean, or cleanhalt)
3) Remove CF card (unit will no longer function)

Microprocessor (ETX)

512MB RAM

BIOS data is required for system operation.

Cleared on power loss.

512 kB (4MBit) Flash

BIOS backed up by an onboard battery

The BIOS time/date is lost when the battery is removed.

Timing System (EEPROM)

8kB

Yes and No

Some configuration data used by the timing system:
- Status flags used in 8MB Flash. (changed during an upgrade process)
- System uptime counter
- Reference priority table (saved through power cycles)
- GPS mode on startup
- Oscillator DAC and calibration data.

None.

These configuration parameters can be overwritten by the user, or will be automatically reset to factory default upon restore or clean (see above).

None.

Timing System (Flash)

8MB

The 8MB flash contains run-time and default firmware and FPGA images; this memory is utilized to store new images during normal operation.

There is no sanitization procedure available for the 8MB flash, but no user data is stored in this memory. It is only utilized to store the software and FPGA images.

Timing System (SDRAM)

8MB

FPGA V12

Data will be deleted during power down.

Timing System Microprocessor (Coldfire)

512KB Flash

Contains the boot loader firmware and a compressed FPGA image.

This memory is not accessible during normal operation.

GNSS Receiver (Trimble SMT)

4MB Flash

Yes/ No

GNSS position, mode, comm. protocols and upgrade files (if any).

Web UI functions: position clear, receiver mode reset

32MB SRAM

Satellite ephemeris and almanac data.

Power off

SAASM GPS Receiver (Trimble Force 22)

Battery backed RAM

Yes

Stores ephemeris and almanac data, run-time, any loaded encryption keys and positional information (lat., long. & alt.)

1) Zeroize function deletes only the encryption keys that may have been loaded. The receiver will continue to operated in commercial mode. Zeroize can also be performed via front panel Zeroize switch, or via Web UI, or via CLI command.
2) Emergency Zeroize function erases entire contents of RAM, including any encryption keys. This function can only be performed via Web UI or CLI command.
3) Power-off and battery removal is the same as Emergency Zeroize.

GB-GRAM Receiver

Flash

Stores all loaded GPS receiver encryption keys.

As outlined above under SAASM GPS Receiver.

Battery backed RAM

Stores ephemeris and almanac data, run-time, and positional information (lat., long. & alt.)

1) As outlined above under SAASM GPS Receiver, but no zeroize via front panel switch.
2) Power off and battery removal is the same as Emergency Zeroize.

Multi-port Network Option Card

1Mbit serial SPI Flash

Each network processor has dedicated, non user-accessible 1MB SPI Flash memory which stores the associated MAC address for each network port. The MAC address for each network port is pre-programmed at the factory. The MAC address cannot be erased without rendering the Option Card inoperable.

None, or remove and destroy.

PTP option cards

EEPROM

Stores user settings that are used by the PTP microcontroller.

Same as any other configuration parameters accessible in the Web UI.

All other option cards with FPGA

8Mbit serial SPI Flash

Stores a primary and backup FPGA image. These images re field-upgradeable but no other information is stored or accessible in this memory.

None, or remove and destroy.

Physically Removing the CF Card

Remove the top cover off the chassis.

Locate the card socket on the main PCB.

Remove the metal bar that holds the card in the socket.

Cleaning/Restoring

Starting in system software version 4.8.7 (see under TOOLS > SYSTEM: Upgrade/Backup), the Compact Flash card can be modified in several different ways via Actions panel under TOOLS > SYSTEM: Upgrade/Backup:

Restore Configuration: This will reset all user configurations to factory defaults with the exception of networking settings and GPS position. Network settings can be changed, if desired, via the Web UI, via the front panel, or the serial command line interface. The GPS position can be deleted via INTERFACES > REFERENCES: GNSS 0.

* Clean Configuration and Halt *: This will delete the network settings and the GPS position, as well as resetting all other user configurations to factory default. Alternatively, "Clean" or "CleanHalt" can be initiated through the front panel or command line interface.

Removing other files from the CF Card

While the restore and clean functions reset the configuration parameters, they do not remove any files that may have been uploaded via FTP. One way to delete these files, if any, is via the Update System Software functionality under TOOLS > SYSTEM: Upgrade/Backup.

The Clean Upgrade function wipes the CF card clean and recreates every system file. An upgrade alone does not.

Note: When selecting both the Perform Upgrade checkbox, and the Clean Upgrade checkbox, Force Upgrade will also be automatically selected, as necessary for this process.

Sanitization of Internal Memory

Physically Removing the CF Card

Cleaning/Restoring

Removing other files from the CF Card

Further Reading