From 52c63b5de1b660d00cbc12b90acabf07fd8ec652 Mon Sep 17 00:00:00 2001
From: nl6720 <nl6720@gmail.com>
Date: Mon, 17 Feb 2025 15:04:03 +0200
Subject: [PATCH] Note the need to omit separator characters from the PSID

---
 man/common_options.adoc | 3 ++-
 man/cryptsetup.8.adoc   | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/man/common_options.adoc b/man/common_options.adoc
index eb0f1a130..87fccd659 100644
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -338,7 +338,8 @@ Erase *ALL* data on the OPAL self-encrypted device, regardless of the partition
 and does not require a valid LUKS2 header to be present on the device to run. After providing
 correct PSID via interactive prompt or via *--key-file* parameter the device is erased.
 +
-PSID is usually printed on the OPAL device label (either directly or as a QR code). 
+PSID is usually printed on the OPAL device label (either directly or as a QR code). PSID must be
+entered without any dashes, spaces or underscores.
 +
 *NOTE*: PSID should be treated as sensitive information as it allows anyone with remote access to
 the OPAL device to destroy data even if the device is locked. Be sure you do not leak PSID through
diff --git a/man/cryptsetup.8.adoc b/man/cryptsetup.8.adoc
index 48eb605cf..1129586cb 100644
--- a/man/cryptsetup.8.adoc
+++ b/man/cryptsetup.8.adoc
@@ -449,6 +449,9 @@ Securely erase a partition or device. Requires admin password.
 Additionally specify *--hw-opal-factory-reset* for a FULL factory reset of the
 drive, using the drive's *PSID* (typically printed on the label) instead of the
 admin password.
+
+*NOTE*: PSID must be entered without any dashes, spaces or underscores.
+
 *WARNING*: a factory reset will cause ALL data on the device to be lost,
 regardless of the partition it is ran on, if any, and regardless of any LUKS2
 header backup.