|SafeGuard Full Disk Encryption / SafeGuard Power-on Authentication (POA)|
Certain hardware settings and functionalities can lead to problems when starting endpoints, causing the system to no longer respond. The SafeGuard Power-on Authentication supports a number of hotkeys for modifying these hardware settings and deactivating functionalities. Furthermore, grey and black lists covering functions known to cause problems are integrated in the .msi file installed on the endpoint.
We recommend that you install an updated version of the SafeGuard POA configuration file before any significant deployment of SafeGuard Enterprise. The file is updated on a monthly basis and made available to download from Sophos knowledgebase article 65700.
You can customize this file to reflect the hardware of a particular environment.
To install the SafeGuard POA configuration file, enter the following command:
MSIEXEC /i <Client MSI package> POACFG=<path of the SafeGuard POA configuration file>
You can help us improve hardware compatibility by executing a tool that we provide to collect hardware relevant information only. The tool is very easy to use. The collected information is added to the hardware configuration file.
For more information, see Sophos knowledgebase article 110285.
The following hotkeys are supported in the SafeGuard POA:
Shift F3 = USB Legacy Support (on/off)
Shift F4 = VESA graphic mode (off/on)
Shift F5 = USB 1.x and 2.0 support (off/on)
Shift F6 = ATA Controller (off/on)
Shift F7 = USB 2.0 support only (off/on)
USB 1.x support remains as set by Shift F5.
Shift F9 = ACPI/APIC (off/on)
USB Hotkeys dependency matrix
|Shift F3||Shift F5||Shift F7||Legacy||USB 1.x||USB 2.0||Comment|
Shift F5 disables both USB 1.x and USB2.0.
If no USB support is active, the SafeGuard POA tries to use BIOS SMM instead of backing up and restoring the USB controller. The Legacy mode may work in this scenario.
Legacy support is active, USB is active. The SafeGuard POA tries to back up and restore the USB controller. The system might hang, depending on the BIOS version used.
You can specify changes that can be carried out using hotkeys when installing SafeGuard Enterprise encryption software using a .mst file. This is done using the appropriate call in combination with msiexec.
|NOVESA||Defines whether VESA or VGA mode is used: 0 = VESA mode (standard); 1 = VGA mode|
|NOLEGACY||Defines whether Legacy Support is activated after SafeGuard POA log on: 0 = Legacy Support activated; 1 = Legacy Support not activated (standard)|
|ALTERNATE:||Defines whether USB devices are supported by the SafeGuard POA: 0 = USB support is activated (standard); 1 = no USB support|
|NOATA||Defines whether int13 device driver is used: 0 = standard ATA device driver (default); 1 = Int13 device driver|
|ACPIAPIC||Defines whether ACPI/APIC support is used: 0 = no ACPI/APIC support (default); 1 = ACPI/APIC support active|