Variants of Full Disk Encryption in SafeGuard 6.10 / 7.0
Applies to the following Sophos product(s) and version(s)
SafeGuard Device Encryption 7.0
SafeGuard BitLocker Client 7.0
SafeGuard BitLocker Client 6.10.0
SafeGuard Device Encryption 6.10.0
Depending on the operating system you are using, different volume-based encryption options (also known as full-disk-encryption options) are available.
- BitLocker C/R (optional addition to BitLocker on certain UEFI systems) offers a SafeGuard Challenge/Response mechanism for BitLocker recovery (e.g. if a user forgets their PIN). In this case no one has access to the BitLocker recovery key, so this option is considered more secure than standard BitLocker management. On the downside, disaster recovery options are limited.
- BitLocker managed by SafeGuard is the module that enables and manages the BitLocker encryption engine and the BitLocker pre-boot authentication. All BitLocker recovery methods offered by Microsoft, which require the BitLocker recovery key, are possible.
- SafeGuard Full Disk Encryption with POA is the Sophos module for encrypting volumes on endpoints. It comes with a Sophos-implemented pre-boot authentication named SafeGuard Power-on Authentication (POA), which supports logon options like smartcard and fingerprint, and a Challenge/Response mechanism for recovery. We offer disaster recovery mechanisms (e.g. drive slaving, recovery using WinPE).
- FileVault 2 managed by SafeGuard is the module that enables and manages the FileVault 2 encryption engine and pre-boot authentication. All FileVault 2 recovery methods offered by Apple, which require the FileVault recovery key, are possible.
The table below shows which encryption modes versions 6.10 and 7.0 support, depending on your operating system:
| OS | BitLocker C/R* | BitLocker managed by SafeGuard* | SafeGuard full disk encryption with Power on Authentication (POA) | FileVault 2 managed by SafeGuard |
|---|---|---|---|---|
| Windows 7 BIOS | n/a | 32bit, 64bit | 32bit, 64bit | n/a |
| Windows 7 UEFI | 64bit | 64bit | n/a | n/a |
| Windows 8, 8.1 BIOS | n/a | 32bit, 64bit | n/a | n/a |
| Windows 8, 8.1 UEFI | 64bit | 64bit | n/a | n/a |
| Windows 10 BIOS | n/a | 32bit, 64bit | n/a | n/a |
| Windows 10 UEFI | 64bit | 64bit | n/a | n/a |
| Mac OS X 10.8 | n/a | n/a | n/a | 64bit |
| Mac OS X 10.9 | n/a | n/a | n/a | 64bit |
| Mac OS X 10.10** | n/a | n/a | n/a | 64bit |
* Only available on the OS editions with BitLocker support (Windows 7 Enterprise and Ultimate Edition, Windows 8/8.1 Pro and Enterprise Edition).
** Installations on OS X 10.10 require either an updated installation package of the 6.10 client (version 22.214.171.1244), which is available in the download area of Sophos.com as of 24th of October 2014, or SafeGuard version 7.