As of Sophos SafeGuard Disk Encryption for Mac 6.0.x it is now possible to deactivate the power-on authentication permanently.
A deactivated POA keeps the partitions encrypted, but does not require interactive authentication at pre-boot. This enables e.g. the use of unannounced operating system boot-ups via Wake-on Lan.
Please note: The security of SafeGuard Encryption 6.0.x for Mac is lowered in this POA state, as POA boot does not require any user interaction.
Known to apply to the following Sophos product(s) and version(s)
Sophos SafeGuard Disk Encryption for Mac 6.01.0
Sophos SafeGuard Disk Encryption for Mac 6.00.0
All supported operating systems
What To Do
The POA can be turned on and off via GUI or SGADMIN.
Please note: Turning the POA on or off requires an additional SafeGuard admin authentication.
The SGADMIN commands are:
- sgadmin --poa on (turn on POA)
- sgadmin --poa off (turn off POA)
WARNING: Disabling Power-on Authentication reduces the level of security for your system and is therefore not recommended!
This information is NOT valid for SafeGuard Disk Encryption for Mac version 6.10.