Release notes

1 New features of version 6.01

Support for Mac OS X 10.8 and Gatekeeper

Sophos SafeGuard Disk Encryption for Mac 6.01 is available for Mac OS X 10.7 (Lion) and 10.8 (Mountain Lion).

Its installer and binaries have been digitally signed with a developer ID certificate provided by Apple. It is therefore possible to install the product with the Gatekeeper feature set to “Mac App Store and identified developers”.

Support of Target Disk Mode

With Sophos SafeGuard Disk Encryption for Mac 6.01 Target Disk Mode is supported under certain technical constraints.

Contact Sophos support to get the necessary tools and documentation.

Support for Mac Firmware updates on Macs that have Sophos SafeGuard Disk Encryption for Mac 6.01 installed

With Sophos SafeGuard Disk Encryption for Mac 6.01 it is now possible to update the Mac Firmware, although Sophos SafeGuard Disk Encryption for Mac 6.01 is installed. However, for this to work several technical preconditions must be met:

  1. There must a boot partition of type Apple_Boot and it must be formatted as JHFS+.

    Note: A default Mac OS X 10.7 or 10.8 recovery partition qualifies as such an Apple_Boot partition.
  2. By default, the firmware-update-functionality of Sophos SafeGuard Disk Encryption for Mac 6.01 is turned off. To be able to use it, it must be turned on first.

This can be done from command line with the following commands:

  • To turn the feature on:

    sgadmin --enable-firmware-update [--authenticate-user "admin username"]  [--authenticate-password "admin password"]

    The Mac needs to be rebooted before the new setting becomes active.

  • To turn the feature off:

    sgadmin --disable-firmware-update [--authenticate-user "admin username"]  [--authenticate-password "admin password"]

    The Mac needs to be rebooted before the new setting becomes active.

  • To query the firmware update status:

    sgadmin --status

Enhanced keyboard support in Power-on Authentication

In previous versions of Sophos SafeGuard Disk Encryption for Mac several keys were not supported in Power-on Authentication (POA), for example <SHIFT>-<TAB> and the <ALT>-key.

Sophos SafeGuard Disk Encryption for Mac 6.01 solves these issues. It is now possible to step counterclockwise through the logon screen in POA, as <SHIFT>-<TAB> is now supported.

Key combinations that contain the <ALT> key are also supported now. In addition, all text entry fields in POA display an icon that shows, whether caps lock is active or not.

2 Supported hardware and configurations

  • Hardware (Intel-based 64 bit CPU only)

    • MacBook
    • MacBook Pro
    • MacBook Air
    • iMac
    • Mac mini
    • Mac Pro
  • EFI

    • EFI32 (firmware)
    • EFI64 (firmware)

    With the following terminal command, the EFI firmware can be verified:

    "ioreg -l -p IODeviceTree | grep firmware-abi"

    The return value should be "firmware-abi" = <"EFI64" > or "firmware-abi" = <"EFI32" >.

  • Operating system

    • 10.8 (Mountain Lion) recent patch level (at least patch level of release date - September 2012)
    • 10.7 (Lion) recent patch level (at least patch level of release date - September 2012)
  • Update of Sophos SafeGuard Disk Encryption for Mac

    • Sophos SafeGuard Disk Encryption for Mac 5.55 and 6.0 can be updated to 6.01.
  • Update of Mac OS X versions
    • To update the operating system from Mac OS X 10.5 (Leopard) to 10.6 (Snow Leopard), to 10.7 (Lion) or to 10.8 (Mountain Lion), you need to uninstall Sophos SafeGuard Disk Encryption for Mac first. This step includes a final decryption of encrypted partitions.

    After the successful update of OS X you need to install Sophos SafeGuard Disk Encryption 6.01 and encrypt the partitions again.

Bootcamp Support

It is required to set up a machine with a Bootcamp partition prior to installing Sophos SafeGuard Disk Encryption for Mac 6.01. It is not supported to set up or remove Bootcamp after installing Sophos SafeGuard Disk Encryption. Note that it is not supported to change/resize the partition layout after installing Sophos SafeGuard Disk Encryption.

If the default operating system is changed from OS X to Windows, it cannot be set back to OS X, neither with Windows Bootcamp Control Panel nor with OS X Startup Disk Utility. This has to be done using the functionality provided by Sophos SafeGuard Disk Encryption.

You can set the default boot system to OS X in the following ways:

1. By using the user interface:

  • Open SafeGuard Disk Management.
  • Open the Edit menu and select Boot this operating system by default. It is required to authenticate as an OS X Administrator.

2. By using Terminal

  • Open a Terminal and enter “sudo sgadmin --set-boot”. Note that OS X Administrator authentication is required.

3 Time Machine backups

The following components of Sophos SafeGuard Disk Encryption should be excluded from Time Machine backups:

  • /.com.sophos
  • /System/Library/Extensions/sgbiodrv.kext
  • /usr/sbin/sgd
  • /usr/bin/sgadmin
  • /Library/Sophos SafeGuard
  • /Library/LaunchDaemons/com.sophos.sgd.plist
  • /Library/LaunchDaemons/com.sophos.sgsd.plist
  • /Library/LaunchAgents/com.sophos.sguimenu.plist
  • /Library/LaunchAgents/com.sophos.sgsynclang.plist
  • /Applications/sgui.app
  • /usr/share/man/man1/sgadmin.1
  • /usr/share/man/man1/sgsd.1
  • /usr/bin/sgsd
  • /Library/LaunchDaemons/com.sophos.sgsd.plist
  • /Library/Security/SecurityAgentPlugins/Sophos_SSO.bundle
  • /var/spool/sg
  • /var/sg

4 Unsupported hardware, configurations and operations

  • Hardware

    • PowerPC-based hardware
  • Operating system

    • Version 10.6 and earlier version.
  • Bootcamp + SafeGuard Enterprise/SafeGuard Easy for Windows

    • Sophos SafeGuard Disk Encryption for Mac supports bootcamp, but SafeGuard Enterprise must not be installed in the Windows partition. This restriction is valid until explicitly stated otherwise in the SafeGuard Enterprise for Windows documentation.
  • The following limitations apply to the product:

    Sophos SafeGuard Disk Encryption for Mac does not support multi-boot systems, this means multiple installations of OS X on the same Mac.

    Sophos SafeGuard Disk Encryption for Mac and Mac OS X FileVault 2 must not be run on one machine at the same time. If you are going to use Sophos SafeGuard Disk Encryption for Mac, no local partition must be encrypted by FileVault 2. You must ensure that FileVault 2 is disabled before you install Sophos SafeGuard Disk Encryption for Mac.  If you want to use FileVault 2, Sophos SafeGuard Disk Encryption for Mac must not be installed.

    Do not install the software on systems with more than 50 partitions.

    We recommend not to encrypt more than five partitions simultaneously.

    Single Sign On between Sophos SafeGuard Disk Encryption POA and Mac OS X

    To turn on the Sophos SafeGuard Disk Encryption Single Sign On feature, run the command sgadmin --enable-sso from terminal.

    To turn the Sophos SafeGuard Disk Encryption Single Sign On feature off again, run the command sgadmin --disable-sso from terminal.

    With some subversions of Mac OS X 10.7 and 10.8 the Sophos SafeGuard Disk Encryption Single Sign On feature does not work as expected. For example: The Single Sign On simply does not work and OS X stops in its logon windows, or one and the same user is always logged on to OS X regardless of the user who has logged on to Sophos SafeGuard Disk Encryption at pre-boot level.

    Should these problems occur, follow the following guidelines:

    1) The Single Sign On feature of Sophos SafeGuard Disk Encryption depends on two Mac OS X settings. These are Automatic login and Display login window as. You can find these settings under System Preferences > Users & Groups > Login Options. In general the setting of Display login window as is irrelevant, but in some OS X versions Single Sign On only works, if the OS X setting Display login window as is set to List of users. Check the Sophos knowledgebase article #116756 for the current state.

    2) To use the Sophos SafeGuard Disk Encryption feature Single Sign On, the Mac OS X setting Automatic login must not be set to Off. If the setting is set to Off, the Single Sign On process stops in Mac OS X logon and Mac OS X waits for user interaction. Click one of the user names displayed to trigger the system to continue with the logon process. It is irrelevant which user name you click. Single Sign On continues and the user who has logged on at POA is logged on to Mac OS X.

    If a Mac shows the behavior described above, you need to manually set the two OS X settings mentioned to the correct values.

    - To activate Single Sign On, ensure that both settings are set to a correct value. Then run sgadmin --enable-sso.

    - To turn Single Sign On off again, change these OS X settings back manually. Then run sgadmin --disable-sso.

    Keyboard: Non-numeric keypad keys cannot be guaranteed to give the same character sequence when the keyboard is changed from one layout to another. So only use "0-9" from that block. It is due to EFI only returning a US ANSII character equivalent and no modifier keys. During translation, the normal keyboard key takes precedence over the numeric keypad key. This affects the non-numeric keys on the numeric keypad, this means the '=', '/', '', '-', '+','*' keys. These keys may translate into different characters due to the keyboard layout. For example, on a German keyboard the numeric keypad '' key will translate into the keyboard '(' character. The code has been developed and tested with the following keyboards: US, French, German. There is no guarantee that other keyboards work.

    Keyboard - Caps Lock key LED: On some keyboards the LED of the CAPS LOCK key does not light up, when pressed. In order to visualize to the user that caps lock is active, a little icon is displayed on the right hand side of each text entry field in POA.

    Partitioning: After Sophos SafeGuard Disk Encryption for Mac has been installed it is not possible to change the partitioning layout. You must not change anything with "gpt" or "diskutil". Important: If someone repartitions the machine you will not be able to use it, and you will need to completely re-install this machine in order to use it again.

    You must also not add additional hard drives to a Mac after Sophos SafeGuard Disk Encryption for Mac has been installed.

    In particular, you must not start the initial encryption of a volume on a disk that has been added after the installation of Sophos SafeGuard Disk Encryption for Mac, because this can lead to data loss of the data stored on this volume!

    Formatting: Formatting of encrypted partitions is not supported. If you want to remove all data, we recommend that you delete the files or decrypt the partition, format it and encrypt it again.

    Note: Only HFS+ and HFS+ (Journaled) are supported. The hard drive must be GPT-partitioned.

    Target Disk Mode: With Sophos SafeGuard Disk Encryption for Mac 6.01 Target Disk Mode is supported under certain technical constraints.

    Contact Sophos support to get the necessary tools and documentation.

    diskutil from a system started via network boot: Do not use diskutil from a system started via network boot while local partitions are encrypted. In this case diskutil does not recognize the encrypted partitions and wants to initialize them. Doing so results in data loss.

    Erasing partitions: Erasing a partition while an initial encryption or a final decryption operation is performed is not supported. Also, erasing encrypted partitions is not supported. Partitions have to be decrypted first and can then be encrypted again.

    Unmounted partitions and encryption/decryption: Starting initial encryption or final decryption for partitions that are not mounted is not supported. Unmounting a partition while it is encrypting or decrypting is also not supported. Doing so may result in data loss.

    OS upgrades (for example from 10.7 to 10.8) are not supported as long as Sophos SafeGuard Disk Encryption for Mac is installed: It is necessary to decrypt the partitions of your Mac first and then to uninstall Sophos SafeGuard Disk Encryption for Mac. Afterwards, you can upgrade the operating system, install Sophos SafeGuard Disk Encryption for Mac released for the new OS X version and encrypt the partitions again. 

    Deep Sleep: When Sophos SafeGuard Disk Encryption for Mac is installed the hibernation feature, "Deep Sleep" is not supported and is disabled. Some applications do not auto-save their data when the sleep mode is activated. In case the sleep mode is used for an extended period while not being connected to power and such an application is open with unsaved data, data might be lost.

    Bad sectors: We recommend not to install the product if there are bad sectors on your hard disk. Initial encryption does not stop when bad sectors are encountered, but a log entry is created in the kernel log.

    Initial encryption/final decryption on data partitions: Before you begin to encrypt a data partition ensure that all files on this partition are closed. The same is valid for the final decryption of a data partition: Ensure that all files are closed during the very last steps of the decryption, when Sophos SafeGuard Disk Encryption for Mac removes the Sophos icon of the partition.

    Mac OS X Safe Boot usage: When booting into Safe Boot / Safe Mode it is not possible to use sgadmin or the SafeGuard menu. This is related to Mac OS X not loading 3rd party launch agents / daemons (sgd) in the Safe Boot / Safe Mode functionality.

5 Technical support

You can find technical support for Sophos products in any of these ways:

6 Copyright

Copyright © 2010 - 2012 Sophos Group. All rights reserved. SafeGuard is a registered trademark of Sophos Group.

All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Disclaimer and Copyright for 3rd Party Software

Portions of this software are copyright © 2010 The FreeType Project (www.freetype.org). All rights reserved.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)

AES-NI

This software uses code from the Intel_aes_lib. The following is applicable to Intel_aes_lib:

/* intel_aes_lib source files come from Intel.

 * Modified by Patrick Fay

 *

Copyright (c) 2010, Intel Corporation

All rights reserved.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,

      this list of conditions and the following disclaimer.

    * Redistributions in binary form must reproduce the above copyright notice,

      this list of conditions and the following disclaimer in the documentation

      and/or other materials provided with the distribution.

    * Neither the name of Intel Corporation nor the names of its contributors

      may be used to endorse or promote products derived from this software

      without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE

OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 ---------------------------------------------------------------------------

 Issue Date: Aug 6, 2010

 */

DISCLAIMER

[The AES-NI library] software is provided 'as is' with no explicit or implied warranties  in respect of its properties, including, but not limited to, correctness  and/or fitness for purpose.

Gladman AES

Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.

LICENSE TERMS

The free distribution and use of this software is allowed (with or without changes) provided that:

  1. source code distributions include the above copyright notice, this list of conditions and the following disclaimer;
  2. binary distributions include the above copyright notice, this list of conditions and the following disclaimer in their documentation;
  3. the name of the copyright holder is not used to endorse products built using this software without specific written permission.

DISCLAIMER

This software is provided 'as is' with no explicit or implied warranties in respect of its properties, including, but not limited to, correctness and/or fitness for purpose.

EDK

Copyright (c) 2008

Intel Corporation.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Intel Corporation and its contributors.

4. Neither the name of Intel Corporation or its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright (c) 1988, 1993

The Regents of the University of California. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors.4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Freetype

Copyright 2000 Computing Research Labs, New Mexico State University

Copyright 2001, 2002, 2003, 2004 Francesco Zappa Nardelli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

FreeType font driver for bdf files

Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by Francesco Zappa Nardelli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

FreeType font driver for pcf fonts

Copyright (C) 2000, 2001, 2002 by Francesco Zappa Nardelli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Copyright (c) 2000

Intel Corporation.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Intel Corporation and its contributors.4. Neither the name of Intel Corporation or its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright (c) 1992, 1993

The Regents of the University of California. All rights reserved.

Portions copyright (c) 1999, 2000

Intel Corporation.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley, Intel Corporation, and its contributors.4. Neither the name of University, Intel Corporation, or their respective contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS, INTEL CORPORATION AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS, INTEL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright (c) 1990, 1993

The Regents of the University of California. All rights reserved.

This code is derived from software contributed to Berkeley by Chris Torek.

Portions copyright (c) 1999, 2000

Intel Corporation.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley, Intel Corporation, and its contributors.4. Neither the name of University, Intel Corporation, or their respective contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS, INTEL CORPORATION AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS, INTEL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Zlib, Part of FreeType

zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.4, March 11th, 2002

Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution.

Jean-loup Gailly

jloup@gzip.org

Mark Adler

madler@alumni.caltech.edu

The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).

PCF, Part of FreeType

Copyright (C) 2000 by Francesco Zappa Nardelli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

GptLib

Copyright (c) 2002 Marcel Moolenaar

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 

gSOAPRationale: This license agreement for commercial use of the gSOAP software standard edition

in open source form shall replace the gSOAP public license and GPL license for Customer's

use of the Software, thereby permanently replacing the terms and conditions imposed by the

gSOAP public license and GPL license, as set forth in this Agreement. This license covers the

entire gSOAP source distribution, including, but not limited to, the runtime library, compiler,

WSDL importer, example applications, and documentation.

THIS LICENSE AGREEMENT ("Agreement") is made and entered into as of the last date

executed by the parties below (the "Effective Date") by and between GENIVIA, INC., a Florida

corporation having a principal place of business at 3178 Shamrock East, Tallahassee, Florida

32309, USA, ("Genivia"), and Sophos Limited and its subsidiaries and affiliates, a

company in accordance with the laws of England and Wales having a principal place of

business at The Pentagon, Abingdon, OX14 3YP, United Kingdom ("Customer").

The parties agree as follows:

1. DEFINITIONS.

"Original Code" means Source Code of computer software code which is described in the

Source Code notice required by Exhibit A as Original Code.

"Modifications" means any addition to or deletion from the substance or structure of either the

Original Code or any previous Modifications. When Covered Code is released as a series of

files, a Modification is: (i) any addition to or deletion from the contents of a file containing

Original Code or previous Modifications; (ii) any new file that contains any part of the Original

Code, or previous Modifications.

"Covered Code" means the Original Code, or Modifications or the combination of the Original

Code, and Modifications, in each case including portions thereof.

"Software" means the Covered Code and accompanying documentation and support files

referenced in section 1 of Exhibit A, including Updates (if any).

"Updates" means any patches, bug fixes, upgrades, and new versions of the Software made

generally available by Genivia during the term of this Agreement.

"Source Code" means computer programming code in human readable form that is not

suitable for machine execution without the intervening steps of interpretation or compilation,

meaning the preferred form of the Covered Code for making modifications to it, including all

modules it contains, plus any associated interface definition files, scripts used to control

compilation and installation of an Executable Object Code, or source code differential

comparisons against the Original Code. The Source Code can be in a compressed or archival

form, provided the appropriate decompression or de-archiving software is widely available for

no charge.

GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 2 of 8

"Executable Object Code" means the computer programming code in any other form than

Source Code that is not readily perceivable by humans and suitable for machine execution

without the intervening steps of interpretation or compilation.

"Authorized Site" means the specific address of Customer’s facility consisting of a single

building or multiple buildings on a contiguous campus as specified in Exhibit A.

"Project" means a concerted undertaking by an identified Customer development team to

design or produce a Target Application.

"Run-Time Module" means the Software in Source Code form or as Executable Object Code

to be incorporated into a Target Application as inseparably embedded code or statically linked

to a Target Application.

"Target Application" means an end-user item, such as a software product that is possibly

replicated in identical form and offered for sale or licensed to third parties, or a device or

system developed by Customer pursuant to a Project that contains a Run-Time Module, or any

portion thereof, as specified in Exhibit A and any Updates made during the term of this

Agreement.

2. SOURCE CODE LICENSE.

Subject to Customer’s compliance with the terms and conditions of this Agreement and

payment of any applicable fees, Genivia hereby grants to Customer a non-transferable, nonexclusive,

worldwide, perpetual, royalty-free, paid-up license: (i) to reproduce and use the

Software solely at the Authorized Sites in connection with the Project; (ii) to make backup

copies at the Authorized Sites for the purpose of this Agreement; (iii) to store the Software in a

source code repository; (iv) to create Modifications and other derivative works of the Software,

solely to the extent necessary to support the development of the Target Application; (v) to

compile the Software, including any Modifications and derivative works thereof, into Run-Time

Modules; (vi) to reproduce an unlimited number of Run-Time Modules for physical

incorporation into the Target Application; and (vii) to market, sell, offer to sell, and distribute the

Target Application.

3. RESTRICTIONS.

Customer shall reproduce and include any and all copyright notices and proprietary rights

legends, as such notices and legends appear in the original Software, on any copy of the

Software, or portion thereof, with the exception of the gSOAP public license and GPL license

notices.

The Software shall be handled, used and stored, solely at the Authorized Site identified in

Exhibit A. The Software may be used from a single machine, a set of machines, or a network

file server, but there shall be no access to the Software from any external network not located

at the Authorized Sites.

GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 3 of 8

A function of the Software is to create Run-Time Modules for incorporation into Target

Applications. Except as set forth in Section 2 above, no license is granted hereunder to

reproduce or distribute the gSOAP soapcpp2 compiler and wsdl2h importer as part of such

Target Application.

4. OWNERSHIP.

Genivia represents and warrants to Customer that Genivia has all rights in the Software

necessary to grant the rights and license granted to Customer in this Agreement.

Without limiting the foregoing, Genivia represents and warrants that Genivia has acquired an

assignment of all intellectual property rights in and to all portions of the Software delivered to

Customer under this Agreement.

Customer shall not have any obligation to provide, assign, or disclose to Genivia or any other

party any Modifications. Notwithstanding the foregoing, Genivia and its licensors shall retain

exclusive ownership of all worldwide Intellectual Property Rights in and to the Software.

Customer acknowledges that this Agreement does not grant to Customer any Intellectual

Property Rights in or to the Software other than the limited rights with respect to the Software

as set forth in Section 2.

5. DELIVERY AND PAYMENT.

Immediately following the Effective Date, Genivia grants Customer the right to download the

Software from the Approved Software Download Site specified in Exhibit A, and install the

Software at the Authorized Site and use the Software as set forth in Section 2 subject to the

restrictions listed in Section 3. Notwithstanding any terms or other agreements posted on the

Approved Software Download Site, this Agreement shall be the sole and exclusive agreement

governing Customer's use of the Software.

Customer shall pay to Genivia the Software license fee set forth in Exhibit A. License fees will

be invoiced with shipment of this License Agreement. Payment of all amounts invoiced shall be

due forty-five (45) days after receipt of the invoice.

All payments and amounts shall be paid without deduction, set-off or counter claim, free and

clear of any restrictions or conditions, and without deduction for any taxes, levies, imposts,

duties, fees, deductions, withholdings or other governmental charges. If any deduction is

required to be made by law, Customer shall pay in the manner and at the same time such

additional amounts as will result in receipt by Genivia of such amount as would have been

received by Genivia had no such amount been required to be deducted. If Customer is

claiming sales or use tax exemption, a certified Tax Exempt Certificate must be attached to

this Agreement or applicable purchase order submitted by Customer.

6. TERM AND TERMINATION.

GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 4 of 8

This Agreement shall commence upon the Effective Date and is granted in perpetuity, but may

be terminated without notice in the following circumstances: if Customer breaches any term of

this agreement, unless such breach is curable and is cured by Customer within thirty (30) days

after notice of such breach is provided by Genivia; if Customer, being a firm or partnership, is

dissolved; or, by Customer, if Customer destroys the Software for any reason. Upon

termination, Customer shall destroy any remaining copies of the Software or otherwise return

or dispose of such material. Termination pursuant to this clause shall not affect any rights or

remedies, which Genivia may have otherwise under this license or at law.

The following Sections shall survive any termination of this Agreement: Sections 1, 4, 6, 8, and

10. Termination of this Agreement, if any, shall not affect any licenses or other grants of any

rights, titles, or interests of Customer in or to any Run-Time Modules or the Target Application.

7. LIMITED WARRANTY.

Genivia warrants that the Software, installation scripts, and future Updates will be provided to

Customer. Customer assumes full responsibility for: (i) the selection, download, and installation

of the Software from the Approved Software Download Site specified in Exhibit A; (ii) the

proper use of the Software; (iii) verifying the results obtained from the use of the Software; and

(iv) taking appropriate measures to prevent loss of data. Genivia does not warrant that the

operation of the Software will meet Customer’s requirements or that Customer will be able to

achieve any particular results from use or modification of the Software or that the Software will

operate free from error.

EXCEPT AS EXPRESSLY SET FORTH IN SECTIONS 7 AND 8 OF THIS AGREEMENT,

GENIVIA AND ITS LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS,

IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED

WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE,

NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND ANY

WARRANTY THAT MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR COURSE

OF DEALING. WITHOUT LIMITING THE FOREGOING, CUSTOMER ACKNOWLEDGES

THAT THE SOFTWARE IS PROVIDED "AS IS" AND THAT GENIVIA DOES NOT WARRANT

THE SOFTWARE WILL RUN UNINTERRUPTED OR ERROR FREE. THE ENTIRE RISK AS

TO RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY CUSTOMER.

UNDER NO CIRCUMSTANCES WILL GENIVIA BE LIABLE FOR ANY SPECIAL, INDIRECT,

INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE

WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING

NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN ANY WAY

RELATED TO THE SOFTWARE, EVEN IF GENIVIA HAS BEEN ADVISED ON THE

POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN

REASONABLY FORESEEN, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL

PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES

INCLUDES, BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST

PROFITS, LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR

MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL GENIVIA BE

LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR

GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 5 of 8

SERVICES. CUSTOMER ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED

FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS

OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFECRITICAL

APPLICATIONS. GENIVIA EXPRESSLY DISCLAIM ANY LIABILITY RESULTING

FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS

ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR

CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT

IN HAZARDOUS ENVIRONMENTS BY CUSTOMER. FOR PURPOSES OF THIS

PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN

WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT

DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE. THIS

DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE.

NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS

DISCLAIMER.

8. INFRINGEMENT INDEMNITY.

Genivia will defend at its expense any suit brought against Customer and will pay all damages

finally awarded in such suit insofar as such suit is based on a claim that the Software as

provided to Customer infringes a previously issued patent, trademark, trade secret or

copyright, provided that Genivia is notified promptly of such claim and is given full and

complete authority (including settlement authority consistent with the other terms and

conditions of this Agreement), information and assistance by Customer for such defense. In

the event that the Software is held in any such suit to infringe such a right and its use is

enjoined, or if in the opinion of Genivia the Software is likely to become the subject of such a

claim, Genivia at its own election and expense will either (i) procure for Customer the right to

continue using the Software or (ii) modify or replace the Software so that it becomes noninfringing

while giving substantially equivalent performance. In the event that (i) or (ii) above

are not, in Genivia’s sole determination, obtainable using reasonable commercial efforts, then

Genivia may terminate this Agreement and refund amount Customer paid Genivia under this

Agreement for the Software which is the subject of such claim. The indemnification obligation

shall not apply to infringement actions or claims to the extent that such actions or claims are

caused solely by: (i) modifications made to the Software by a party other than Genivia; and (ii)

the combination of the Software with items not supplied by Genivia or which Genivia has

specifically not approved for combination with the Software.

9. GENERAL.

Neither party shall be liable hereunder by reason of any failure or delay in the performance of

its obligations hereunder (except for the payment of money) on account of strikes, shortages,

riots, insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, labor

conditions, earthquakes, material shortages or any other cause which is beyond the

reasonable control of such party.

GENIVIA INC. STANDARD EDITION LICENSE AGREEMENT FOR COMMERCIAL USE 6 of 8

The Software is a "commercial item" as that term is defined at 48 C.F.R. 2.101, consisting of

"commercial computer software" and "commercial computer software documentation" as such

terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R.

227.7202-1 through 227.7202-4, Customer will provide the Software to U.S. Government End

Users only pursuant to the terms and conditions therein.

Customer may not delegate, assign or transfer this Agreement, the license(s) granted or any of

Customer’s rights or duties hereunder without Genivia's express prior written consent, except

by way of merger or acquisition of the business of Customer, and any attempt to do so shall be

void. Genivia may assign this Agreement, and its rights and obligations hereunder, in its sole

discretion.

All Software and technical information delivered under this Agreement are subject to U.S.

export control laws and may be subject to export or import regulations in other countries.

Customer agrees to strictly comply with all such laws and regulations. The ECCN for the

Software is 5D002.

This Agreement is governed by New York law, excluding any principle or provision that would

call for the application of the law of any jurisdiction other than New York. Any action regarding

this Agreement shall be brought in a court of competent jurisdiction, federal or state, in the

County of New York, New York, and Genivia consents to venue and jurisdiction in and service

of process from such court.

10. DISCLOSURE OF CUSTOMER IDENTITY.

Genivia, Inc., will not disclose the identity of the Customer on its Web site, advertising, press

releases, or other publicly released publicity without the Customers' prior written consent.