Note the need to omit separator characters from the PSID
nl6720 committed Feb 19, 2025
1 parent dded9b3 commit 52c63b5
Showing 2 changed files with 5 additions and 1 deletion.
3 changes: 2 additions & 1 deletion man/common_options.adoc
Expand Up @@ -338,7 +338,8 @@ Erase *ALL* data on the OPAL self-encrypted device, regardless of the partition
and does not require a valid LUKS2 header to be present on the device to run. After providing
correct PSID via interactive prompt or via *--key-file* parameter the device is erased.
+
PSID is usually printed on the OPAL device label (either directly or as a QR code).
PSID is usually printed on the OPAL device label (either directly or as a QR code). PSID must be
entered without any dashes, spaces or underscores.
+
*NOTE*: PSID should be treated as sensitive information as it allows anyone with remote access to
the OPAL device to destroy data even if the device is locked. Be sure you do not leak PSID through
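
Review bot: The sentence added after "(either directly or as a QR code)." says the PSID must be "entered" without separators, but the paragraph just above names two input paths, the interactive prompt and *--key-file*. State explicitly that a key file must also contain the PSID without dashes, spaces or underscores, so the rule is not read as applying only to typed input. The text also gives no hint of what the user sees when separators are left in; a short clause naming the resulting failure would make the note actionable.
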
3 changes: 3 additions & 0 deletions man/cryptsetup.8.adoc
Expand Up @@ -449,6 +449,9 @@ Securely erase a partition or device. Requires admin password.
Additionally specify *--hw-opal-factory-reset* for a FULL factory reset of the
drive, using the drive's *PSID* (typically printed on the label) instead of the
admin password.

*NOTE*: PSID must be entered without any dashes, spaces or underscores.

*WARNING*: a factory reset will cause ALL data on the device to be lost,
regardless of the partition it is ran on, if any, and regardless of any LUKS2
header backup.
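
Review bot: The *NOTE* paragraph is placed between the *--hw-opal-factory-reset* description and the data-loss *WARNING*, which pushes the warning away from the option it qualifies; consider moving the note below the warning so the destructive consequence stays directly after "instead of the admin password." The same requirement is also worded as a plain inline sentence in man/common_options.adoc and as a bold *NOTE* here, so pick one presentation for both files to keep the two man pages consistent.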