Why doesn't Sophos XG Software support EFI-Boot?

Question

Hi all, 
 
 I recently bought a new server for my SophosXG which I run at home. Unfortunately I did forget that SophosXG still does not support EFI boot, so I did not think about that when purchasing the server. So now, because the device only supports EFI-Boot, and no legacy boot (aka CSM) I am left with the pretty unsatisfying situation that I have to run a Hypervisor on my new server to run the XG on it and sacrifice much simplicity and some performance. 
 I mean yes, I do understand that it does not support EFI boot, but why? 
 Firstly even open source firewalling solutions like OPNSense or pfSense are able to boot on EFI only systems. Furthermore - as touched on in this old thread - XG's underlying OS has even been switched to Ubuntu/Debian in XG Version 18 https://community.sophos.com/sophos-xg-firewall/f/discussions/115320/exchange-of-underlying-linux-distribution-when-going-from-sfos-17-5-to-sfos-18-x-update-process-and-other-implications . Those two Linux distributions themselves support EFI boot for an eternity now. 
 Can someone, maybe from Sophos directly, elaborate on the "why"? I really struggle trying to understand what might be the reasons not to support EFI boot in 2024. 
 
 Best Regards 
 espressodriven

LuCar Toni · Answer

Supporting UEFI means building UEFI for SFOS in general. Only a small part of customers run bare metal. This means, building uefi is not on the prioritylist for software, as only a really tiny (business) customer part will benefit from this and it costs a lot of resources to migrate from BIOS to uefi.

LuCar Toni · Answer

Right now, Sophos has a unified approach for all Software releases and does only need to test one suite. To implement UEFI means, to do it for all installations and all platforms, which increases the load on the teams (for no benefit for the majority of the customers)

Why doesn't Sophos XG Software support EFI-Boot?

Top Replies