Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 3744 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why doesn't Sophos XG Software support EFI-Boot?

espressodriven

Hi all,

I recently bought a new server for my SophosXG which I run at home. Unfortunately I did forget that SophosXG still does not support EFI boot, so I did not think about that when purchasing the server. So now, because the device only supports EFI-Boot, and no legacy boot (aka CSM) I am left with the pretty unsatisfying situation that I have to run a Hypervisor on my new server to run the XG on it and sacrifice much simplicity and some performance. 

I mean yes, I do understand that it does not support EFI boot, but why?

Firstly even open source firewalling solutions like OPNSense or pfSense are able to boot on EFI only systems. Furthermore - as touched on in this old thread - XG's underlying OS has even been switched to Ubuntu/Debian in XG Version 18 https://community.sophos.com/sophos-xg-firewall/f/discussions/115320/exchange-of-underlying-linux-distribution-when-going-from-sfos-17-5-to-sfos-18-x-update-process-and-other-implications . Those two Linux distributions themselves support EFI boot for an eternity now.

Can someone, maybe from Sophos directly, elaborate on the "why"? I really struggle trying to understand what might be the reasons not to support EFI boot in 2024.

Best Regards

espressodriven



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I expect it is a marketing decision so that businesses that want the extra features buy sophos hardware and the compatible included software.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    thanks for sharing your point of view on this!

    I did consider that as well, but when you take into account that Sophos is selling Software-Licenses for XG, it does not seem logical to me.

    Best Regards

    espressodriven

Reply Children
  • 0 in reply to espressodriven

    Supporting UEFI means building UEFI for SFOS in general. Only a small part of customers run bare metal. This means, building uefi is not on the prioritylist for software, as only a really tiny (business) customer part will benefit from this and it costs a lot of resources to migrate from BIOS to uefi.

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    yes, but that approach means the developments teams have to test two different kernels before each release, where as incorporating  UEFI into all builds would reduce the testing time.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

     

    Thank you very much for sharing your insights. So can we expect a UEFI compatible software version of SFOS to be made available at all? If so, can you share a gross timeline when you expect it to be the release? Is it - for example - in the planning for Version 21?

      

    So do I understand you correctly that there is already an UEFI-Compatible Version of SophosXG?

  • 0 in reply to rfcat_vk

    Right now, Sophos has a unified approach for all Software releases and does only need to test one suite. To implement UEFI means, to do it for all installations and all platforms, which increases the load on the teams (for no benefit for the majority of the customers)

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    My understanding is uefi is used on all current sophos hardware, that is basis for my comment.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to espressodriven

    Not in general, There is no UEFI version in general for SFOS. It is highly customized for the Sophos Hardware.

    Making the change for SFOS to support general UEFI is not on the roadmap for the near term.

    __________________________________________________________________________________________________________________

Unfiltered HTML