Sophos SafeGuard Disk
Encryption for Mac
Administrator help
Product version: 6.1
Document date: February 2014
Contents
1 About SafeGuard Disk Encryption for Mac............................................................................................3
2 Installation.................................................................................................................................................4
3 Configuration............................................................................................................................................7
4 Working with Disk Encryption for Mac..................................................................................................9
5 Recovery..................................................................................................................................................17
6 Uninstallation from client......................................................................................................................19
7 Technical support....................................................................................................................................20
8 Legal notices............................................................................................................................................21
2
Administrator help
1 About SafeGuard Disk Encryption for Mac
Sophos SafeGuard Disk Encryption for Mac offers Mac OS X users the same data protection that
the disk encryption feature of SafeGuard Enterprise already offers to Windows users.
SafeGuard Disk Encryption for Mac builds on Mac OS X's integrated FileVault 2 encryption
technology. It uses FileVault 2 to encrypt the entire hard disk, so that your data is safe even if the
computer is lost or stolen. However, it also enables you to provide and manage disk encryption
for entire networks.
The encryption works transparently. The user will not see any prompts for encryption or decryption
when opening, editing, and saving files.
In SafeGuard Enterprise´s Management Center, you can select which computers (Windows as
well as Macs) to encrypt, monitor their encryption status, and provide recovery for users who
forget their passwords.
1.1 About this document
This document describes how to install, configure and administer Sophos SafeGuard Disk
Encryption for Mac.
For detailed information on SafeGuard Management Center operation and policy settings, refer
to the SafeGuard Enterprise Administrator help.
For user-relevant information refer to the Quick Startup Guide for Sophos SafeGuard Disk Encryption
for Mac.
1.2 Terms and acronyms
The following terms and acronyms are used in this document:
Term or acronym
Meaning or explanation
GUID
Globally Unique Identifier: a unique reference
number used as an identifier in computer software.
POA
Power-On Authentication (synonym: "pre-boot
authentication")
SGN
SafeGuard Enterprise
SSL
Secure Sockets Layer: a cryptographic protocol that
provides communication security over the internet.
3
Sophos SafeGuard Disk Encryption for Mac
2 Installation
The following chapter describes the installation of Sophos SafeGuard Disk Encryption on Mac
OS X clients. For a description of how to install the administration environment (backend), refer
to the SafeGuard Enterprise Installation guide.
Two Mac OS X client installation types are possible:
■
manual (attended) installation
■
automated (unattended) installation
The installer package is signed. In case of internet problems you may have a delay of up to 20
minutes during the installation procedure.
2.1 Installation prerequisites
Before starting the installation, make sure the SGN-SSL server certificate has been imported into
the system keychain and is set to Always Trust for SSL:
1. Ask your SafeGuard Server Administrator to provide you with the SGN server certificate for
SSL (file <certificate name>.cer).
2. Import the <certificate name>.cer file into your keychain. To do so, go to Applications - Utilities
and double-click the Keychain Access.app.
3. In the left pane select System.
4. Open a Finder window and select the <certificate name>.cer file from above.
5. Drag the certificate file and drop it into the System Keychain Access window.
6. You will be prompted to enter your Mac OS X password.
7. After entering the password click Modify Keychain to confirm your action.
8. Then double-click the <certificate name>.cer file. Click on the arrow left beside Trust and open
the Trust Chain.
9. For Secure Sockets Layer (SSL) select the option Always Trust.
10. Close the dialog. You will be prompted again to enter your Mac OS X password.
11. Enter the password and confirm by clicking Update Settings. A blue plus symbol in the lower
right corner of the certificate icon indicates that this certificate is marked as trusted for all users:
12. Open a web browser and check that your SafeGuard Enterprise Server is available using
https:\\<servername>.
Now you can start with the installation.
Note:
4
Administrator help
Certificate import can also be done by running the command sudo /usr/bin/security
add-trusted-cert -d -k /Library/Keychains/System.keychain -r
trustAsRoot -p ssl "/folder/<certificate name>.cer". This can also be
used for automated deployment via script. Change folder and certificate names according to your
settings.
Note:
If you want to bypass the process described above, you can run the command sgdeadmin
--disable-server-verify with sudo rights as described here: Command line options
(section 4.9). We do not recommend this option as it may create a security vulnerability.
2.2 Manual (attended) installation
A manual (or attended) installation allows you to control and test the installation while proceeding
step by step. It is performed on a single Mac.
Note:
Make sure the server verification has been properly set up as described in Installation prerequisites
(section 2.1).
1. Copy Sophos SafeGuard DE for OS X 6.10.0.dmg to your desktop.
2. Double-click the file Sophos SafeGuard DE for OS X 6.10.0.dmg to install the application. After
reading through the readme file offered, click Sophos SafeGuard DE.pkg and follow the
installation wizard. You will be prompted for your password to allow the installation of new
software.
3. Click Close to complete the installation.
4. After a restart, logon with your Mac password.
5. Open the System Preferences and click the Sophos Encryption icon to start the application.
6. Click the Server tab.
7. If server and certificate details are shown, skip the next steps and go to Step 11 and click
Synchronize. If no information is shown, continue with the next step.
8. Select the configuration zip file (For a description of how to create a configuration package for
Macs see SafeGuard Enterprise Administration Help version 6.10, Working with configuration
packages > Create configuration package for Macs).
9. Drag the zip file to the Server dialog and drop it into the drop zone.
10. You will be prompted to enter a Mac administrator password. Enter the password and click
OK to confirm.
5
Sophos SafeGuard Disk Encryption for Mac
11. Check the connection to the SafeGuard Enterprise server: Company certificate details are shown
in the lower part of the Server dialog. Then click Synchronize. A successful connection will
result in an updated "Last Contacted" time stamp (Tab Server, Server Info area, Last
Contacted:). An unsuccessful connection will display the following icon:
Refer to the log file for further information.
Refer to Server tab (section 4.7.2) for more information on synchronization and server
connection.
2.3 Automated (unattended) installation via Remote Management
Software
An automated (unattended) installation does not require any user interaction during the installation
process.
This section describes the basic steps for an automated (unattended) installation of SafeGuard
Disk Encryption for Mac. Use the management software installed on your system. Depending on
the management solution you are using, the actual steps may vary.
Note:
To install SafeGuard Disk Encryption for Mac on client computers, perform the following steps:
1. Download the installer file Sophos SafeGuard DE for OS X 6.10.0.dmg.
2. Copy the file to the target machines.
3. Install the file on the target machines. If you use Apple Remote Desktop, steps 2 and 3 are one
single step.
4. Select the configuration zip file (For a description of how to create a configuration package for
Macs see SafeGuard Enterprise Administration Help version 6.10, Working with configuration
packages > Create configuration package for Macs) and copy it to the target machines.
5. Run the following command on the target machines:
/usr/bin/sgdeadmin --import-config /full/path/to/file.zip
Change /full/path/to/file according to your settings. This command needs to be run with
administrator privileges. If you are using Apple Remote Desktop, then enter root in the field
user name to specify which user issues the above stated command.
6
Administrator help
3 Configuration
Sophos SafeGuard Disk Encryption for Mac OS X is administered in the SafeGuard Management
Center. The following chapter focuses on the Mac-specific configuration. Any standard Management
Center functionality is described in the most recent SafeGuard Enterprise Administrator help.
Note:
SafeGuard Disk Encryption for Mac only makes use of policies of the type "Device Protection"
and ignores all policy settings except Target and Media encryption mode.
3.1 Centrally administered configuration options
Policies are configured centrally in the SafeGuard Management Center. SafeGuard Disk Encryption
for Mac only makes use of policies of the type "Device Protection" and ignores all policy settings
except Target and Media encryption mode. In order to initiate full disk encryption the settings
must be chosen as follows:
1. Create a new policy of type Device Protection. For Device protection target choose Local
Storage Devices, Internal Storage or Boot Volumes. Type a name for the policy and click OK.
2. For Media encryption mode select Volume based.
A new policy for device protection has been created and configured for full disk encryption for
Macs.
Note: Make sure that the policy is assigned to the clients that will be encrypted. If all of the
endpoints are to be encrypted you might assign the policy to the top level of your domain or
workgroup. If IT staff take care of the installation, do not assign the policy before the clients are
given to the end-users. There is the risk that the endpoint is encrypted too early and IT staff are
registered for FileVault 2 instead of the end-users.
3.2 Locally administered configuration options
The following options are configured locally on the Mac client:
■
Define synchronization interval
This option allows you to set the intervals at which the client contacts the server to synchronize
settings.
Use the command sgdeadmin --contact-interval in order to set the interval to a
specific time (in minutes). E.g. the command sgdeadmin --contact-interval 120
sets this interval to a time of 2 hours.
Info: Default value is 90 minutes.
■
Synchronize database information
7
Sophos SafeGuard Disk Encryption for Mac
Use the command sgdeadmin --synchronize to start synchronizing database
information from the SafeGuard Enterprise backend such as policies and keys.
■
Enable or disable the system menu
Use the command sgdeadmin --enable-systemmenu to activate the system menu in
the upper right corner.
Use the command sgdeadmin --disable-systemmenu to deactivate the system menu.
Note: Default setting after installing SafeGuard Disk Encryption is "disabled", that is, the system
menu is deactivated.
For more information on the system menu, see Sophos SafeGuard Disk Encryption system menu
(section 4.8).
Refer to Command line options (section 4.9) for a complete overview of all command line options.
8
Administrator help
4 Working with Disk Encryption for Mac
A separate Quick Startup Guide for Disk Encryption explains the user-relevant aspects of the
application. You can find the latest version of the product documentation on our Documentation
page at http://www.sophos.com/en-us/support/documentation.aspx.
In the following sections you will find information on how to work with Disk Encryption for Mac
from an administrator's perspective.
4.1 How does encryption work?
FileVault 2 keeps all data on the hard drive secure with XTS-AES-128 data encryption at the disk
level. The algorithm has been optimized for 512-byte blocks. The conversion from plaintext to
ciphertext and back is performed on the fly with low impact on the user experience since it is given
a lower priority.
One traditional obstacle to usability with full disk encryption is that it was necessary for the end
user to authenticate twice: once to unlock the encrypted boot volume (POA), and the second time
to log on to the user desktop.
However, this is no longer necessary. Users enter their password at the pre-boot logon and the
system initiates password-forwarding when the operating system is up and requiring logon
credentials. Password-forwarding eliminates the need for users to log on twice after a cold boot.
Users are able to reset their passwords at any time without the need to re-encrypt the volume. The
reason is that a multi-level key system is employed. The keys shown to the users (e.g. logon keys
and recovery keys) are derived encryption keys and therefore can be replaced. The true volume
encryption key will never be given to a user.
For further information on FileVault 2 see Apple Technical White Paper - Best Practices for Deploying
FileVault 2 (Aug. 2012), which can be downloaded from the Apple website.
4.2 Initial encryption
If a volume based encryption of the system disk is specified in the policy, then disk encryption
will be activated for the user currently logged on. On client side, perform the following tasks:
1. Before encryption starts, a dialog is shown to ask for the logon password. Enter the Mac OS X
password.
If the dialog is shaking, the password is incorrect. Try again.
Note: If the password is empty, please change it. It is not possible to enable disk encryption
without a password set.
9
Sophos SafeGuard Disk Encryption for Mac
2. Wait for the Mac to restart.
Note: If activation of the encryption fails, an error message will be displayed. More information
can be found in the log files. Unless you chose another location, you find them at
/var/log/system.log
3. Disk encryption starts and is done in the background. The user can continue working.
The user is added as first FileVault 2 user of the endpoint.
4.3 Decryption
Usually it is not necessary to decrypt. If you set a policy that specifies No encryption for Mac
clients that are already encrypted, they will remain encrypted. But in this case the users have the
choice to decrypt. They will find the corresponding button in the preference pane, see Disk
Encryption tab (section 4.7.4).
Users with local administrator rights cannot be prevented from attempting to manually decrypt
their hard disk using built-in FileVault 2 functionality. However, they will be prompted for a
restart to complete the decryption. As soon as the Mac has completed the restart, SafeGuard Disk
Encryption for Mac will enforce encryption if a corresponding policy has been set.
4.4 Add FileVault 2 user
Only users that are already registered for FileVault 2 at the endpoint will be able to log on to the
system after a restart. In order to add a user to FileVault 2 proceed as follows:
1. While the Mac is still running, log on with the user you want to register for FileVault 2.
2. Provide the credentials of that user in the dialog Enable Your Account. If you are using Mac
OS X version 10.8, not only the user's own credentials are requested, but also those of a user
already active in FileVault 2. With Mac OS X version 10.9 this is no longer necessary.
Therefore, with the exception of Mac OS X version 10.8, users will be able to log on as easily as if
there was no disk encryption enforced.
4.5 Remove FileVault 2 user
A user can be removed from the list of users assigned to a Mac in the SafeGuard Management
Center. After the next synchronization, the user will be removed from the FileVault 2 users of the
endpoint as well. But this does not mean that the user will not be able to log on to that Mac
anymore. Like any new user, the user just needs to log on to a running Mac in order to become
authorized again.
If you really want to prevent a user from booting a Mac, mark the user as blocked in Management
Center. The user will then be removed from the FileVault 2 users of the client and no new
authorization will be possible.
10
Administrator help
Note: It is possible to remove all FileVault 2 users but the last one. Also the owner can be removed,
then the next user in the list will be marked as owner. In SafeGuard Disk Encryption for Mac it
does not make a difference if a user is owner or not. The last remaining FileVault 2 user cannot
be removed.
4.6 Synchronization with backend
In the process of synchronization, the states of the clients are reported to the SafeGuard Enterprise
backend, policies are updated and the user-machine assignment is checked.
Therefore, the following information is sent from the clients and appears in SafeGuard Management
Center:
■
As soon as an endpoint is encrypted, "POA" is checked. Other information that is displayed
includes drive name, label, type, state, algorithm and operating system.
■
New FileVault 2 users are added also in Management Center.
Note: If the SafeGuard Enterprise client software is removed from an endpoint, the endpoint and
its users are still visible in SafeGuard Management Center. But the timestamp of the last server
contact does not change anymore.
On client side the following things are changed:
■
Policies that were changed in Management Center are changed on the client.
■
Users that have been deleted or blocked in Management Center are also removed from the list
of FileVault 2 users on the client.
4.7 Preference pane
A preference pane allows you to set preferences for a specific application or the system. After
installing Sophos Encryption on a Mac client, the following preference pane icon appears in the
System Preferences:
Click on the icon to open the Sophos Encryption preference pane. The About content is shown.
The menu bar allows you to open the following menu information windows:
4.7.1 About tab
The About tab informs you about the product version installed on the client and about the
copyright and registered trademark(s). If Sophos SafeGuard File Encryption is installed, it will
also be listed.
11
Sophos SafeGuard Disk Encryption for Mac
Click on the question mark symbol in the lower right corner to open the Sophos SafeGuard Disk
Encryption Quick startup guide in the system's language.
4.7.2 Server tab
Click on Server to display a window containing the following information and functionality:
Server Info
■
Contact interval: shows the interval at which synchronization with the server is started. See
also Locally administered configuration options (section 3.2) for information on how to set this
interval. Preset default value is 90 minutes.
■
Last Contacted: shows the date when a client last communicated with the server
■
Primary Server URL: URL of the main server connection
■
Secondary Server URL: URL of the secondary server connection
■
Server Verification: shows whether SSL server verification for communication with the
SafeGuard Enterprise server is enabled or disabled. Refer to Command line options (section
4.9) (command sgdeadmin --enable-server-verify or sgdeadmin
--disable-server-verify) for a description of how to modify this option.
Drag configuration zip file here
Drag the configuration zip file to this drop zone in order to apply configuration information from
the Management Center to the Mac client. See also Manual (attended) installation (section 2.2).
Synchronize
Click this button to start manually synchronizing database information such as policies. This
might be required after having performed modifications in the SafeGuard Management Center.
If the synchronization fails, the following icon will appear:
Open the log file to retrieve information about possible causes.
You can modify the automatic synchronization contact interval by modifying the corresponding
parameter. See also Locally administered configuration options (section 3.2).
Company Certificate
12
■
Valid from: the date the certificate has become valid
■
Valid to: the date the certificate validity expires
■
Issuer: the instance which has issued the certificate
■
Serial: the serial number of the company certificate
Administrator help
4.7.3 User tab
Click on User to display information about:
■
The Username of the user currently logged on.
■
The Domain, listing the domain directory the client belongs to. For local users the local
computer name is displayed.
Note:
The entry Domain must be identical to the entry in System Preferences - Users & Groups Login Options - Network Account Server
■
The SafeGuard User GUID, displaying the GUID which has been generated for the user
following their first logon.
In the second window section you can check/uncheck the following option:
■
Show System Menu for Disk Encryption: when activated, the Sophos SafeGuard Disk
Encryption icon appears in the menu bar. See also Sophos SafeGuard Disk Encryption system
menu (section 4.8).
The third window section displays information about the User Certificate (it is not necessary for
disk encryption):
■
Valid from: the date the certificate has become valid
■
Valid to: the date the certificate validity expires
■
Issuer: the instance which has issued the certificate
■
Serial: the serial number of the certificate
4.7.4 Disk Encryption tab
Click on Disk Encryption to display information about the current policies and the status of the
Mac client.
The first window section tells you whether the system disk should be encrypted according to the
policy set by the security officer.
The second window section displays the status of the Mac client. This can be one of the following:
■
The system disk is encrypted and a centrally stored recovery key is available.
■
The system disk is encrypted but there is no centrally stored recovery key available.
■
The system disk is not encrypted.
At the bottom a button Decrypt System Disk is displayed. It will be enabled if FileVault 2 is
enabled, the current user is active in FileVault 2 and the security officer has set a policy defining
that no encryption is necessary for the client.
13
Sophos SafeGuard Disk Encryption for Mac
Note: If there is no centrally stored recovery key available, the helpdesk cannot assist with password
recovery. Therefore, the recovery key should be imported using the command line tool:
sgdeadmin --import-recoverykey. If the recovery key is unknown by the user as well
as by the security officer, decryption and subsequent encryption of the disk will be necessary in
order to create a new recovery key.
4.8 Sophos SafeGuard Disk Encryption system menu
The system menu provides the following information:
■
The icon (on the left) shows the encryption status:
Figure 1: System menu
Green icon: The system disk is encrypted.
Red icon: The system disk is not encrypted.
■
The following menu item is available when you click on the icon:
■
Open Sophos Encryption Preferences...
Opens the Sophos Encryption Preference Pane.
Note: In order to enable or disable the system menu see User tab (section 4.7.3).
4.9 Command line options
The Terminal application allows you to enter commands and command line options. The following
command line options are available:
Command name
sgdeadmin
14
Definition
lists available commands
including short help hints
Additional
parameters/supplements
(optional)
possible supplement --help
Administrator help
Command name
sgdeadmin --version
sgdeadmin --status
sgdeadmin
--list-user-details
Definition
Additional
parameters/supplements
(optional)
displays version and copyright
information of the installed
product
returns system status information
such as version, server and
certificate information.
returns information of the user
currently logged on
--all displays information for
all users (sudo required)
--xml returns output in xml
format.
sgdeadmin
--list-policies
sgdeadmin
--synchronize
sgdeadmin
--import-recoverykey
displays policy-specific
information. Key GUIDs are
resolved to key names if possible.
Bold print indicates a personal
key.
--all displays information for
all users (sudo required)
--xml returns output in xml
format
forces an immediate server
contact (needs working server
connection).
imports the FileVault 2 recovery
key, overwrites existing recovery
key
--force existing recovery key
will be overwritten without any
additional confirmation
"recoverykey" if it is not
entered, user will be asked for it
sgdeadmin
--import-config
"/path/to/target/file"
imports the specified
configuration zip file. See also
Manual (attended) installation
(section 2.2). The command needs
administrative rights (sudo).
Note:
Use the drag and drop
functionality to drag a complete
path from, for example, the
Finder into the Terminal
application.
15
Sophos SafeGuard Disk Encryption for Mac
Command name
sgdeadmin
--enable-server-verify
sgdeadmin
--disable-server-verify
Definition
Additional
parameters/supplements
(optional)
turns on SSL server verification
for communication with the
SafeGuard Enterprise server. After
installation, the SSL server
verification is activated. The
command needs administrative
rights (sudo).
turns off SSL server verification
for communication with the
SafeGuard Enterprise server. The
command needs administrative
rights (sudo).
Note:
We do not recommend this
option as it may create a security
vulnerability.
The following commands are explained in detail in section Locally administered configuration
options (section 3.2):
16
■
sgdeadmin --enable-systemmenu
■
sgdeadmin --disable-systemmenu
■
sgdeadmin --contact-interval
■
sgdeadmin --synchronize
Administrator help
5 Recovery
Recovery provides a way of accessing an encrypted volume by means of a centrally stored recovery
key. This is necessary because a user might forget the Mac OS X logon password and there might
be no other credentials available.
5.1 Recovery key handling
If all FileVault-enabled users on a particular system forget their passwords, credentials are not
available and there is no recovery key available, then the encrypted volume cannot be unlocked
and the data is unaccessible. Data may be lost permanently, so proper recovery planning is essential.
A new recovery key is generated during each activation of disk encryption. Without Sophos
SafeGuard Disk Encryption being installed at the time of the encryption, it is displayed to the user
who consequently is responsible for its protection against loss. With Sophos SafeGuard Disk
Encryption, it is securely sent to the SafeGuard Enterprise backend and stored centrally. The
security officer can retrieve it whenever needed. See Forgotten Mac OS X logon password (section
5.2) for more information about the recovery process.
But even if SafeGuard Disk Encryption was not installed when the disk was encrypted, the recovery
key can be managed centrally. Therefore it is necessary to import it. The relevant command line
option is sgdeadmin --import-recoverykey, see also Command line options (section
4.9). Any input within the recovery key will be sent in upper case.
Note:
■
Mac OS X 10.8: the recovery key will not be checked, it is the responsibility of the user to enter
it correctly. An error will be displayed only if the format is invalid.
■
Mac OS X 10.9: the recovery key will be checked if valid or not.
In order to check whether a recovery key is present for a client, see Disk Encryption tab (section
4.7.4).
If there is an institutional recovery key present, it can be used for recovery as well. For more
information see OS X: How to create and deploy a recovery key for FileVault 2 at
support.apple.com/kb/HT5077
5.2 Forgotten Mac OS X logon password
If a user forgets the Mac OS X logon password and there are no other credentials available, proceed
as follows:
1. The user switches on the Mac.
17
Sophos SafeGuard Disk Encryption for Mac
2. The user clicks on ? in the logon dialog. Alternatively, the user can enter a wrong logon password
three times.
The password hint is displayed and the user is asked if he or she wants to reset the password
using the recovery key.
3. The user clicks on the triangle next to the message in order to get to the next step (to enter the
recovery key):
4. In SafeGuard Management Center open the recovery wizard by selecting Tools > Recovery
and display the recovery key for the specific machine.
5. Tell the user the recovery key to be entered at the Mac.
The Mac starts and the user can enter a new password and a password hint.
Mac OS X 10.9 only: The recovery key is replaced as soon as it has been used once to start the
system. The new recovery key is generated automatically and sent to the SafeGuard Enterprise
backend where it is stored to be available for the next recovery.
Note: Be careful to whom you give a recovery key of an endpoint! As a recovery key is always
machine specific and not user specific, it might also be necessary to check that the recovery key is
not used to get unauthorized access to another user's sensitive data on the same machine.
18
Administrator help
6 Uninstallation from client
If you need to uninstall the software from a client computer, proceed as follows:
1.
2.
3.
4.
On the Mac client go to /Library.
Select the folder /Sophos SafeGuard DE.
Select and double-click the file Sophos SafeGuard DE Uninstaller.pkg
A wizard guides you through uninstallation.
Note: It is not necessary to decrypt the disk before uninstalling the software.
Note: A user with administrative rights cannot be prevented from uninstalling the software. (A
policy that prevents this on Windows clients has no effect on Mac clients.)
Note: The uninstaller package is signed. In case of internet problems you may have a delay of up
to 20 minutes during the uninstallation procedure.
19
Sophos SafeGuard Disk Encryption for Mac
7 Technical support
You can find technical support for Sophos products in any of these ways:
20
■
Visit the SophosTalk community at community.sophos.com/ and search for other users who are
experiencing the same problem.
■
Visit the Sophos support knowledgebase at www.sophos.com/en-us/support.aspx.
■
Download the product documentation at www.sophos.com/en-us/support/documentation/.
■
Send an email to [email protected], including your Sophos software version number(s),
operating system(s) and patch level(s), and the text of any error messages.
Administrator help
8 Legal notices
Copyright © 2014 Sophos Limited. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the
documentation can be reproduced in accordance with the license terms or you otherwise have
the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.
Disclaimer and Copyright for 3rd Party Software
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/)
AES-NI
This software uses code from the Intel_aes_lib. The following is applicable to Intel_aes_lib:
/* intel_aes_lib source files come from Intel.
* Modified by Patrick Fay
*
Copyright (c) 2010, Intel Corporation
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
■
Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
■
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
■
Neither the name of Intel Corporation nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
Sophos SafeGuard Disk Encryption for Mac
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
--------------------------------------------------------------------------Issue Date: Aug 6, 2010
*/
DISCLAIMER
[The AES-NI library] software is provided 'as is' with no explicit or implied warranties in respect
of its properties, including, but not limited to, correctness and/or fitness for purpose.
Gladman AES
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without changes) provided that:
1. source code distributions include the above copyright notice, this list of conditions and the
following disclaimer;
2. binary distributions include the above copyright notice, this list of conditions and the following
disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products built using this software
without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties in respect of its properties,
including, but not limited to, correctness and/or fitness for purpose.
Zlib, Part of FreeType
zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.4, March 11th, 2002
Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied warranty. In no event will the
authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial
applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the
original software. If you use this software in a product, an acknowledgment in the product
documentation would be appreciated but is not required.2. Altered source versions must be plainly
22
Administrator help
marked as such, and must not be misrepresented as being the original software. 3. This notice may
not be removed or altered from any source distribution.
Jean-loup Gailly
[email protected]
Mark Adler
[email protected]
The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to
1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format) and
rfc1952.txt (gzip format).
PCF, Part of FreeType
Copyright (C) 2000 by Francesco Zappa Nardelli
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
GptLib
Copyright (c) 2002 Marcel Moolenaar
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
23
Sophos SafeGuard Disk Encryption for Mac
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
gSOAP Rationale
This license agreement for commercial use of the gSOAP software standard edition in open source
form shall replace the gSOAP public license and GPL license for Customer's use of the Software,
thereby permanently replacing the terms and conditions imposed by the gSOAP public license
and GPL license, as set forth in this Agreement. This license covers the entire gSOAP source
distribution, including, but not limited to, the runtime library, compiler, WSDL importer, example
applications, and documentation.
THIS LICENSE AGREEMENT ("Agreement") is made and entered into as of the last date executed
by the parties below (the "Effective Date") by and between GENIVIA, INC., a Florida corporation
having a principal place of business at 3178 Shamrock East, Tallahassee, Florida 32309, USA,
("Genivia"), and Sophos Limited and its subsidiaries and affiliates, a company in accordance
with the laws of England and Wales having a principal place of business at The Pentagon, Abingdon,
OX14 3YP, United Kingdom ("Customer").
The parties agree as follows:
1. DEFINITIONS.
"Original Code" means Source Code of computer software code which is described in the Source
Code notice required by Exhibit A as Original Code.
"Modifications" means any addition to or deletion from the substance or structure of either the
Original Code or any previous Modifications. When Covered Code is released as a series of files,
a Modification is: (i) any addition to or deletion from the contents of a file containing Original
Code or previous Modifications; (ii) any new file that contains any part of the Original Code, or
previous Modifications.
"Covered Code" means the Original Code, or Modifications or the combination of the Original
Code, and Modifications, in each case including portions thereof.
"Software" means the Covered Code and accompanying documentation and support files referenced
in section 1 of Exhibit A, including Updates (if any).
"Updates" means any patches, bug fixes, upgrades, and new versions of the Software made generally
available by Genivia during the term of this Agreement.
"Source Code" means computer programming code in human readable form that is not suitable
for machine execution without the intervening steps of interpretation or compilation, meaning
the preferred form of the Covered Code for making modifications to it, including all modules it
contains, plus any associated interface definition files, scripts used to control compilation and
installation of an Executable Object Code, or source code differential comparisons against the
Original Code. The Source Code can be in a compressed or archival form, provided the appropriate
decompression or de-archiving software is widely available for no charge.
24
Administrator help
GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 2 of
8
"Executable Object Code" means the computer programming code in any other form than Source
Code that is not readily perceivable by humans and suitable for machine execution without the
intervening steps of interpretation or compilation.
"Authorized Site" means the specific address of Customer’s facility consisting of a single building
or multiple buildings on a contiguous campus as specified in Exhibit A.
"Project" means a concerted undertaking by an identified Customer development team to design
or produce a Target Application.
"Run-Time Module" means the Software in Source Code form or as Executable Object Code to
be incorporated into a Target Application as inseparably embedded code or statically linked to a
Target Application.
"Target Application" means an end-user item, such as a software product that is possibly replicated
in identical form and offered for sale or licensed to third parties, or a device or system developed
by Customer pursuant to a Project that contains a Run-Time Module, or any portion thereof, as
specified in Exhibit A and any Updates made during the term of this Agreement.
2. SOURCE CODE LICENSE.
Subject to Customer’s compliance with the terms and conditions of this Agreement and payment
of any applicable fees, Genivia hereby grants to Customer a non-transferable, nonexclusive,
worldwide, perpetual, royalty-free, paid-up license: (i) to reproduce and use the Software solely
at the Authorized Sites in connection with the Project; (ii) to make backup copies at the Authorized
Sites for the purpose of this Agreement; (iii) to store the Software in a source code repository; (iv)
to create Modifications and other derivative works of the Software, solely to the extent necessary
to support the development of the Target Application; (v) to compile the Software, including any
Modifications and derivative works thereof, into Run-Time Modules; (vi) to reproduce an unlimited
number of Run-Time Modules for physical incorporation into the Target Application; and (vii)
to market, sell, offer to sell, and distribute the Target Application.
3. RESTRICTIONS.
Customer shall reproduce and include any and all copyright notices and proprietary rights legends,
as such notices and legends appear in the original Software, on any copy of the Software, or portion
thereof, with the exception of the gSOAP public license and GPL license notices.
The Software shall be handled, used and stored, solely at the Authorized Site identified in Exhibit
A. The Software may be used from a single machine, a set of machines, or a network file server,
but there shall be no access to the Software from any external network not located at the Authorized
Sites.
GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 3 of
8
A function of the Software is to create Run-Time Modules for incorporation into Target
Applications. Except as set forth in Section 2 above, no license is granted hereunder to reproduce
or distribute the gSOAP soapcpp2 compiler and wsdl2h importer as part of such Target Application.
25
Sophos SafeGuard Disk Encryption for Mac
4. OWNERSHIP.
Genivia represents and warrants to Customer that Genivia has all rights in the Software necessary
to grant the rights and license granted to Customer in this Agreement.
Without limiting the foregoing, Genivia represents and warrants that Genivia has acquired an
assignment of all intellectual property rights in and to all portions of the Software delivered to
Customer under this Agreement.
Customer shall not have any obligation to provide, assign, or disclose to Genivia or any other
party any Modifications. Notwithstanding the foregoing, Genivia and its licensors shall retain
exclusive ownership of all worldwide Intellectual Property Rights in and to the Software.
Customer acknowledges that this Agreement does not grant to Customer any Intellectual Property
Rights in or to the Software other than the limited rights with respect to the Software as set forth
in Section 2.
5. DELIVERY AND PAYMENT.
Immediately following the Effective Date, Genivia grants Customer the right to download the
Software from the Approved Software Download Site specified in Exhibit A, and install the Software
at the Authorized Site and use the Software as set forth in Section 2 subject to the restrictions listed
in Section 3. Notwithstanding any terms or other agreements posted on the Approved Software
Download Site, this Agreement shall be the sole and exclusive agreement governing Customer's
use of the Software.
Customer shall pay to Genivia the Software license fee set forth in Exhibit A. License fees will be
invoiced with shipment of this License Agreement. Payment of all amounts invoiced shall be due
forty-five (45) days after receipt of the invoice.
All payments and amounts shall be paid without deduction, set-off or counter claim, free and
clear of any restrictions or conditions, and without deduction for any taxes, levies, imposts, duties,
fees, deductions, withholdings or other governmental charges. If any deduction is required to be
made by law, Customer shall pay in the manner and at the same time such additional amounts as
will result in receipt by Genivia of such amount as would have been received by Genivia had no
such amount been required to be deducted. If Customer is claiming sales or use tax exemption,
a certified Tax Exempt Certificate must be attached to this Agreement or applicable purchase
order submitted by Customer.
6. TERM AND TERMINATION.
GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 4 of
8
This Agreement shall commence upon the Effective Date and is granted in perpetuity, but may
be terminated without notice in the following circumstances: if Customer breaches any term of
this agreement, unless such breach is curable and is cured by Customer within thirty (30) days
after notice of such breach is provided by Genivia; if Customer, being a firm or partnership, is
dissolved; or, by Customer, if Customer destroys the Software for any reason. Upon termination,
Customer shall destroy any remaining copies of the Software or otherwise return or dispose of
26
Administrator help
such material. Termination pursuant to this clause shall not affect any rights or remedies, which
Genivia may have otherwise under this license or at law.
The following Sections shall survive any termination of this Agreement: Sections 1, 4, 6, 8, and
10. Termination of this Agreement, if any, shall not affect any licenses or other grants of any rights,
titles, or interests of Customer in or to any Run-Time Modules or the Target Application.
7. LIMITED WARRANTY.
Genivia warrants that the Software, installation scripts, and future Updates will be provided to
Customer. Customer assumes full responsibility for: (i) the selection, download, and installation
of the Software from the Approved Software Download Site specified in Exhibit A; (ii) the proper
use of the Software; (iii) verifying the results obtained from the use of the Software; and (iv) taking
appropriate measures to prevent loss of data. Genivia does not warrant that the operation of the
Software will meet Customer’s requirements or that Customer will be able to achieve any particular
results from use or modification of the Software or that the Software will operate free from error.
EXCEPT AS EXPRESSLY SET FORTH IN SECTIONS 7 AND 8 OF THIS AGREEMENT, GENIVIA
AND ITS LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR
STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT
OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND ANY WARRANTY THAT
MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR COURSE OF DEALING.WITHOUT
LIMITING THE FOREGOING, CUSTOMER ACKNOWLEDGES THAT THE SOFTWARE IS
PROVIDED "AS IS" AND THAT GENIVIA DOES NOT WARRANT THE SOFTWARE WILL
RUN UNINTERRUPTED OR ERROR FREE. THE ENTIRE RISK AS TO RESULTS AND
PERFORMANCE OF THE SOFTWARE IS ASSUMED BY CUSTOMER.
UNDER NO CIRCUMSTANCES WILL GENIVIA BE LIABLE FOR ANY SPECIAL, INDIRECT,
INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE
WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING
NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN ANY WAY
RELATED TO THE SOFTWARE, EVEN IF GENIVIA HAS BEEN ADVISED ON THE
POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY
FORESEEN, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY
EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES, BUT IS
NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOSS OF DATA
OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION OR
IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL GENIVIA BE LIABLE FOR THE
COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR GENIVIA INC. STANDARD
EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 5 of 8
SERVICES. CUSTOMER ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED FOR
USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS OPERATION
OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFECRITICAL
APPLICATIONS. GENIVIA EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE
OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS
ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR CLAIMS
BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN
27
Sophos SafeGuard Disk Encryption for Mac
HAZARDOUS ENVIRONMENTS BY CUSTOMER. FOR PURPOSES OF THIS PARAGRAPH,
THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN WHICH THE
FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT DIRECTLY
OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE. THIS DISCLAIMER OF
WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE.
NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS
DISCLAIMER.
8. INFRINGEMENT INDEMNITY.
Genivia will defend at its expense any suit brought against Customer and will pay all damages
finally awarded in such suit insofar as such suit is based on a claim that the Software as provided
to Customer infringes a previously issued patent, trademark, trade secret or copyright, provided
that Genivia is notified promptly of such claim and is given full and complete authority (including
settlement authority consistent with the other terms and conditions of this Agreement), information
and assistance by Customer for such defense. In the event that the Software is held in any such
suit to infringe such a right and its use is enjoined, or if in the opinion of Genivia the Software is
likely to become the subject of such a claim, Genivia at its own election and expense will either
(i) procure for Customer the right to continue using the Software or (ii) modify or replace the
Software so that it becomes noninfringing while giving substantially equivalent performance. In
the event that (i) or (ii) above are not, in Genivia’s sole determination, obtainable using reasonable
commercial efforts, then Genivia may terminate this Agreement and refund amount Customer
paid Genivia under this Agreement for the Software which is the subject of such claim. The
indemnification obligation shall not apply to infringement actions or claims to the extent that
such actions or claims are caused solely by: (i) modifications made to the Software by a party other
than Genivia; and (ii) the combination of the Software with items not supplied by Genivia or
which Genivia has specifically not approved for combination with the Software.
9. GENERAL.
Neither party shall be liable hereunder by reason of any failure or delay in the performance of its
obligations hereunder (except for the payment of money) on account of strikes, shortages, riots,
insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, labor conditions,
earthquakes, material shortages or any other cause which is beyond the reasonable control of such
party.
GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 6 of
8
The Software is a "commercial item" as that term is defined at 48 C.F.R. 2.101, consisting of
"commercial computer software" and "commercial computer software documentation" as such
terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R.
227.7202-1 through 227.7202-4, Customer will provide the Software to U.S. Government End
Users only pursuant to the terms and conditions therein.
Customer may not delegate, assign or transfer this Agreement, the license(s) granted or any of
Customer’s rights or duties hereunder without Genivia's express prior written consent, except by
28
Administrator help
way of merger or acquisition of the business of Customer, and any attempt to do so shall be void.
Genivia may assign this Agreement, and its rights and obligations hereunder, in its sole discretion.
All Software and technical information delivered under this Agreement are subject to U.S. export
control laws and may be subject to export or import regulations in other countries. Customer
agrees to strictly comply with all such laws and regulations. The ECCN for the Software is 5D002.
This Agreement is governed by New York law, excluding any principle or provision that would
call for the application of the law of any jurisdiction other than New York. Any action regarding
this Agreement shall be brought in a court of competent jurisdiction, federal or state, in the County
of New York, New York, and Genivia consents to venue and jurisdiction in and service of process
from such court.
10. DISCLOSURE OF CUSTOMER IDENTITY.
Genivia, Inc., will not disclose the identity of the Customer on its Web site, advertising, press
releases, or other publicly released publicity without the Customers' prior written consent.
OSXFUSE
OSXFUSE is a software developed by the OSXFUSE project and is covered under the following
BSD-style license:
Copyright (c) 2011-2012 Benjamin Fleischer
Copyright (c) 2011-2012 Erik Larsson
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of OSXFUSE nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
Sophos SafeGuard Disk Encryption for Mac
Note that the patches to the FUSE user space library and to the SSHFS user-space program are
also released under the BSD license.
OSXFUSE is a fork of MacFUSE. MacFUSE has been developed by Amit Singh/Google Inc..
Additional information and the original source of MacFUSE are available on
http://code.google.com/p/macfuse/. MacFUSE is covered under the following BSD-style license:
Copyright (c) 2007—2009 Google Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of Google Inc. nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
NOTE THAT THIS SOFTWARE ATTEMPTS TO INSTALL THE LATEST VERSION OF ITSELF
BY CHECKING FOR UPDATES DURING INSTALLATION. THE INSTALLED VERSION MAY
BE NEWER THAN THE VERSION EMBEDDED IN THIS PACKAGE.
Note that Google's patches to the FUSE library (libfuse/*.patch in the MacFUSE source repository)
and to the SSHFS user-space program (filesystems/sshfs/*.patch in the MacFUSE source repository)
are also released under the BSD license.
Portions of this package were derived from code developed by other authors. Please read further
for specific details.
■
30
kext/fuse_kernel.h is an unmodified copy of the interface header from the Linux FUSE
distribution (http://fuse.sourceforge.net). fuse_kernel.h can be redistributed either under the
GPL or under the BSD license. It is being redistributed here under the BSD license.
Administrator help
■
Unless otherwise noted, parts of MacFUSE (multiple files in kext/) contain code derived from
the FreeBSD version of FUSE (http://fuse4bsd.creo.hu), which is covered by the following
BSD-style license:
Copyright (C) 2005 Csaba Henk. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS "AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
■
kext/fuse_nodehash.c is a slightly modified version of HashNode.c from an Apple Developer
Technical Support (DTS) sample code example. The original source, which is available on
http://developer.apple.com/library/mac/#samplecode/MFSLives/, has the following disclaimer:
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc. Apple")
in consideration of your agreement to the following terms, and your use, installation, modification
or redistribution of this Apple software constitutes acceptance of these terms. If you do not agree
with these terms, please do not use, install, modify or redistribute this Apple software.
In consideration of your agreement to abide by the following terms, and subject to these terms,
Apple grants you a personal, non-exclusive license, under Apple's copyrights in this original Apple
software (the "Apple Software"), to use, reproduce, modify and redistribute the Apple Software,
with or without modifications, in source and/or binary forms; provided that if you redistribute
the Apple Software in its entirety and without modifications, you must retain this notice and the
following text and disclaimers in all such redistributions of the Apple Software. Neither the name,
trademarks, service marks or logos of Apple Computer, Inc. may be used to endorse or promote
products derived from the Apple Software without specific prior written permission from Apple.
Except as expressly stated in this notice, no other rights or licenses, express or implied, are granted
by Apple herein, including but not limited to any patent rights that may be infringed by your
derivative works or by other works in which the Apple Software may be incorporated.
31
Sophos SafeGuard Disk Encryption for Mac
The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES
OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE
OR IN COMBINATION WITH YOUR PRODUCTS.
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION,
MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
■
Parts of the mount_osxfusefs and the load_osxfusefs command-line programs (implemented
in kext/mount/ and kext/load/, respectively) come from Apple's Darwin sources and are covered
under the Apple Public Source License (APSL). You can read the APSL at:
http://www.opensource.apple.com/license/apsl/
■
Parts of the OSXFUSE kernel extension (locking mechanism for 64 bit kernel) come from
Tuxera Inc.'s MacFUSE "rebel" branch. The original source of the "rebel" branch is available
on https://github.com/tuxera. These modifications are covered under the following BSD-style
license:
Copyright (c) 2010 Tuxera Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of Tuxera Inc. nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS "AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32
Administrator help
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
■
Parts of OSXFUSE come from the Fuse4X project which itself is a MacFUSE fork. Additional
information and the original source of Fuse4X are available on http://fuse4x.org. Fuse4X is
covered under the following BSD-style license:
Copyright (c) 2011 Anatol Pomozov. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS "AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
This binary package contains the following open-source software that is available under the GNU
Lesser General Public License.
* FUSE user space library (http://fuse.sourceforge.net/)
33