diff --git a/docs/v2.7.2-ReleaseNotes b/docs/v2.7.2-ReleaseNotes index 73df5e5c1..1d683534b 100644 --- a/docs/v2.7.2-ReleaseNotes +++ b/docs/v2.7.2-ReleaseNotes @@ -21,3 +21,11 @@ Changes since version 2.7.1 as this passphrase already exists. * Update license for FAQ document to CC BY-SA 4.0. + +NOTE: Please note that with OPAL-only (--hw-opal-only) encryption, +the configured OPAL administrator PIN (passphrase) allows unlocking +all configured locking ranges without LUKS keyslot decryption +(without knowledge of LUKS passphrase). +Because of many observed problems with compatibility, cryptsetup +currently DOES NOT use OPAL single-user mode, which would allow such +decoupling of OPAL admin PIN access. diff --git a/man/common_options.adoc b/man/common_options.adoc index 4cd831859..841929bd5 100644 --- a/man/common_options.adoc +++ b/man/common_options.adoc @@ -344,6 +344,14 @@ ifdef::ACTION_LUKSFORMAT[] Format LUKS2 device with HW based encryption configured on SED OPAL locking range only. LUKS2 format only manages locking range unlock key. This option enables HW based data encryption managed by SED OPAL drive only. ++ +*NOTE*: Please note that with OPAL-only (--hw-opal-only) encryption, +the configured OPAL administrator PIN (passphrase) allows unlocking +all configured locking ranges without LUKS keyslot decryption +(without knowledge of LUKS passphrase). +Because of many observed problems with compatibility, cryptsetup +currently DOES NOT use OPAL single-user mode, which would allow such +decoupling of OPAL admin PIN access. endif::[] ifdef::ACTION_REENCRYPT[]
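Review bot: in the docs/v2.7.2-ReleaseNotes hunk the new paragraph is appended as a free-standing block after the unrelated "* Update license for FAQ document to CC BY-SA 4.0." bullet at the end of the "Changes since version 2.7.1" list, so readers scanning the list will not connect it to the --hw-opal-only option; either make it its own bullet (e.g. "* Document that with --hw-opal-only the OPAL admin PIN unlocks all locking ranges without the LUKS passphrase.") or place it next to the entry that introduced the option. The opening "NOTE: Please note that" is also redundant; "NOTE: With OPAL-only (--hw-opal-only) encryption, ..." reads cleaner. Since the paragraph states a security-relevant limitation (the admin PIN bypasses LUKS keyslot decryption entirely) it should end with what the reader is expected to do about it, for instance that the OPAL admin PIN has to be chosen and protected with the same care as a LUKS passphrase, rather than stopping at the description of why single-user mode is not used.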
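Review bot: in the man/common_options.adoc hunk the closing sentence "which would allow such decoupling of OPAL admin PIN access" has no antecedent, because the preceding sentences describe the admin PIN being coupled to every locking range, not a decoupling; suggest stating it directly, e.g. "OPAL single-user mode, which would prevent the admin PIN from unlocking the range, is currently NOT used by cryptsetup because of compatibility problems observed with many drives." That rewrite also fixes "many observed problems with compatibility", which should say compatibility with what so that a reader can judge whether it affects their hardware. The asciidoc "+" continuation line correctly keeps the note inside the --hw-opal-only description, but the text should be word-for-word identical to the release-notes copy (it currently differs only by the "*NOTE*" bold markup) or, better, the "Please note that" after "*NOTE*:" should be dropped in both places so the two do not drift apart.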