From 955d3305cd117ad83411f75c2b3227fbaea60700 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Tue, 14 Sep 2021 11:07:42 -0700
Subject: README: clarify how restoring /.fscrypt directory works

Update https://github.com/google/fscrypt/issues/115
---
 README.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index cba517e..fc76dfc 100644
--- a/README.md
+++ b/README.md
@@ -490,9 +490,12 @@ directories include the following:
   `fscrypt metadata add-protector-to-policy`.
 
 * Backing up and restoring the `/.fscrypt` directory on the root filesystem.
-  Note that after restore, if the UUID of the root filesystem changed, you will
-  need to manually fix the UUID in any `.fscrypt/protectors/*.link` files on
-  other filesystems.
+  Note that after restoring the `/.fscrypt` directory, unlocking the login
+  protectors will require the passphrases they had at the time the backup was
+  made **even if they were changed later**, so make sure to remember these
+  passphrase(s) or store them in a secure location.  Also note that if the UUID
+  of the root filesystem changed, you will need to manually fix the UUID in any
+  `.fscrypt/protectors/*.link` files on other filesystems.
 
 The auto-generated recovery passphrases should be enough for most users, though.
 
-- 
cgit v1.2.3