TCG Opal support: add documentation to rear(8) manual page

doc/rear.8.adoc

@@ -122,6 +122,12 @@ the GNU General Public License at: http://www.gnu.org/licenses/gpl.html
 *restoreonly*::
     only restore the backup; can be used only when running from the rescue media
 
+*mkopalpba*::
+    create a pre-boot authentication (PBA) image to boot from TCG Opal 2-compliant self-encrypting disks
+
+*opaladmin*::
+    administrate TCG Opal 2-compliant self-encrypting disks
+
 *validate*::
     submit validation information
 
@@ -397,6 +403,28 @@ with +BACKUP_URL=nfs+. Other BACKUP_URL schemes may work but
 at least +BACKUP_URL=usb+ requires USB_SUFFIX to be set
 to work with incremental or differential backup.
 
+== SUPPORT FOR SELF-ENCRYPTING DISKS
+
+Relax-and-Recover supports self-encrypting disks (SEDs) compliant with the TCG
+Opal 2 specification if the `sedutil-cli` executable is installed.
+
+Currently, Relax-and-Recover does not automatically recreate Opal 2 disk
+encryption, but offers support for
+
+* setting up self-encrypting disks (SEDs), including assigning a disk password,
+* booting from SEDs with a pre-boot authentication (PBA) system to unlock disks.
+
+To prepare booting from an SED, configure the `OPAL_PBA_OUTPUT_URL`
+configuration variable and run +rear mkopalpba+, then create the rescue system.
+
+To set up an SED, boot the Relax-and-Recover rescue system and run`rear
+opaladmin setupERASE DEVICE` (_DEVICE_ being the disk device path like
+`/dev/sda`).
+
+For complete information, consult the section "Support for TCG Opal 2-compliant
+Self-Encrypting Disks" Relax-and-Recover
+in the user guide.
+
 == CONFIGURATION
 To configure Relax-and-Recover you have to edit the configuration files in
 _/etc/rear/_.  All _*.conf_ files there are part of the configuration, but