dwipe 2.0.1__tar.gz → 2.0.2__tar.gz

{dwipe-2.0.1 → dwipe-2.0.2}/.gitignore

@@ -1,4 +1,5 @@
 .vscode/
+.claude/
 */__pycache/
 .venv/
 venv.zd/

{dwipe-2.0.1 → dwipe-2.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dwipe
-Version: 2.0.1
+Version: 2.0.2
 Summary: A tool to wipe disks and partitions for Linux
 Keywords: disk,partition,wipe,clean,scrub
 Author-email: Joe Defen <joedef@google.com>
@@ -10,7 +10,7 @@ Classifier: Programming Language :: Python :: 3
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: POSIX :: Linux
 License-File: LICENSE
-Requires-Dist: console-window == 1.3.2
+Requires-Dist: console-window == 1.4.2
 Project-URL: Bug Tracker, https://github.com/joedefen/dwipe/issues
 Project-URL: Homepage, https://github.com/joedefen/dwipe
 
@@ -25,7 +25,7 @@ Project-URL: Homepage, https://github.com/joedefen/dwipe
 | Interactive TUI | ✓ | ✓ | ✗ | ✗ |
 | Multiple simultaneous wipes | ✓ | ✗ | ✗ | ✗ |
 | Hot-swap detection | ✓ | ✗ | ✗ | ✗ |
-| Device/partition locking | ✓ | ✗ | ✗ | ✗ |
+| Device/partition blocking | ✓ | ✗ | ✗ | ✗ |
 | Persistent wipe state | ✓ | ✗ | ✗ | ✗ |
 | Resume interrupted wipes | ✓ | ✗ | ✗ | ✗ |
 | Wipe operation logging | ✓ | ✗ | ✗ | ✗ |
@@ -38,6 +38,37 @@ Project-URL: Homepage, https://github.com/joedefen/dwipe
 > * **Modern drives are reliably wiped with one pass of zeros**; just zero once in almost all cases for best, fastest results.
 > * `dwipe` offers Multi-pass and Rand modes as "checkbox" features, but those provide no additional security on drives manufactured after 2001 (NIST SP 800-88).
 
+## **V3 Features** (Partly in V2.x)
+
+> Features added since initial V2 deployment (may not be in a demo until V3).
+
+* **Port and Serial number**.  Press `p` to control port and serial number; it adds another line per disk and you may want to use it selectively. You may choose "Off" (not shown), "On" (always shown), or the default "Auto" show if the disk is in a state allowed for wiping (e.g., no mounted partitions).
+* **Fast SATA Release**. If you press `DEL` on a SATA drive in a hot-swap bay (and not mounted or otherwise busy):
+  * it will be removed from the OS managed devices, 
+  * when gone from the `dwipe` screen, you can then pull out the device, and insert another one.
+  * So, replacing the drive can take just seconds, not minutes awaiting SATA timeouts.
+* **Background device monitoring** - Faster and more efficient hot-swap detection with dedicated monitoring thread:
+  - Monitors `/sys/class/block` and `/proc/partitions` for device changes
+  - Runs `lsblk` only when changes detected (previously ran every refresh)
+  - Reduces CPU usage and improves responsiveness
+  - Faster detection of newly inserted or removed devices
+* **Lock renamed Block** - To reduce confusion, the "lock" feature is renamed.
+  - "Blocking" a partition or disk is only effective within the running app.
+  - It prevents wiping w/o first unblocking even if unmounted or otherwise it a wipeable state.
+  - It does not system level lock of any type.
+* **Hardware-based firmware wipes (EXPERIMENTAL/ALPHA)** - Full support for firmware-level secure erase operations:
+  - **⚠️ Requires `--firmware-wipes` flag to enable (disabled by default)**
+  - **NVMe Sanitize**: Crypto Erase, Block Erase, and Overwrite operations via `nvme-cli`
+  - **NVMe Format**: Secure format with optional crypto erase
+  - **SATA ATA Security Erase**: Normal and Enhanced erase modes via `hdparm`
+  - Automatic capability detection shows only supported methods for each drive
+  - Firmware wipes are much faster than software wipes (seconds to minutes vs hours)
+  - Same user interface - firmware options appear alongside Zero/Rand in wipe confirmation
+  - Progress tracking with "FW" indicator to show hardware operation in progress
+  - Persistent markers track firmware wipe completion and method used
+  - See [FIRMWARE_WIPES.md](FIRMWARE_WIPES.md) for technical details
+  - **Note**: This feature is experimental; software wipes are recommended for most users
+
 ## **V2 Features**
 
 * **Statistical verification** - Automatic or on-demand verification with intelligent pattern detection:
@@ -51,23 +82,23 @@ Project-URL: Homepage, https://github.com/joedefen/dwipe
 * **Configurable confirmation modes** - Choose your safety level: single keypress (Y/y), typed confirmation (YES/yes), or device name (cycle with **c** key)
 * **Enhanced wipe history** - Detailed log viewer (**h** key) shows wipe history with UUIDs, filesystems, labels, and percentages for stopped wipes
 * **Active wipe highlighting** - In-progress wipes displayed in bright cyan/blue with elapsed time, remaining time, and transfer speed (0-100% write, 101-200% verify)
-* **Persistent user preferences** - Theme, wipe mode (Rand/Zero/Rand+V/Zero+V), confirmation mode, verification %, and locked devices persist across sessions (saved to `~/.config/dwipe/state.json`)
-* **Individual partition locking** - Lock individual partitions to prevent accidental wiping (previously only whole disks could be locked)
+* **Persistent user preferences** - Theme, wipe mode (Rand/Zero/Rand+V/Zero+V), confirmation mode, verification %, and blocked devices persist across sessions (saved to `~/.config/dwipe/state.json`)
+* **Individual partition blocking** - Block individual partitions to prevent accidental wiping (previously only whole disks could be blocked)
 * **Full terminal color themes** - Complete themed color schemes with backgrounds, not just highlights (cycle with **t** key)
-* **Visual feedback improvements** - Mounted and locked devices appear dimmed; active wipes are bright and prominent
+* **Visual feedback improvements** - Mounted and blocked devices appear dimmed; active wipes are bright and prominent
 * **Smart device identification** - Uses UUID/PARTUUID/serial numbers for stable device tracking across reconnections
 * **Screen-based navigation** - Modern screen stack architecture with help screen (**?**) and history screen (**h**)
 * **Direct I/O to Disk** - Wiping is done with direct I/O which is fast and avoid polluting your page cache. Writer threads are given lower than normal I/O priority to play nice with other apps.  This makes stopping jobs fast and certain.
 * **Improved Handling of Bad Disks.** Now detects (sometimes corrects) write failures, slowdowns, excessive no progress, and reports/aborts hopeless or hopelessly slow wipes.
 
-## **V2.x Features**
-Features added since V2 deployed (may not be in latest demo):
-* **Port and Serial number**.  Press `p` to toggle whether port and serial number is show; it adds another line per disk and you may want to use it selectively.
 ## Requirements
 - **Linux operating system** (uses `/dev/`, `/sys/`, `/proc/` interfaces)
 - **Python 3.8 or higher**
 - **Root/sudo privileges** (automatically requested when you run the tool)
 - **lsblk utility** (usually pre-installed on most Linux distributions)
+- **Optional (for firmware wipes only):**
+  - `nvme-cli` - For NVMe Sanitize and Format operations
+  - `hdparm` - For SATA ATA Security Erase operations
 
 ## Installation
 
@@ -87,28 +118,37 @@ Features added since V2 deployed (may not be in latest demo):
 `dwipe` provides comprehensive disk wiping capabilities with safety features:
 
 * **Smart device display** - Shows disks and partitions with labels, sizes, types, and vendor/model information to help identify devices correctly
-* **Safety protections** - Prevents wiping mounted devices, detects overlapping wipes, supports manual disk locking
+* **Safety protections** - Prevents wiping mounted devices, detects overlapping wipes, supports manual disk blocking
 * **Hot-swap detection** - Updates the device list when storage changes; newly added devices are marked with **^** to make them easy to spot
 * **Multiple simultaneous wipes** - Start wipes on multiple devices at once, with individual progress tracking and completion states
 * **Flexible wipe modes** - Choose between Rand, Zero, Rand+V (with auto-verify), or Zero+V (with auto-verify). Multi-pass modes alternate patterns for improved data destruction
 * **Persistent state tracking** - Wipe status survives reboots; partially wiped (**s**) and completed (**W**) states are stored on the device
 * **Device filtering** - Filter devices by name/pattern using regex in case of too many for one screen
 * **Stop capability** - Stop individual wipes or all wipes in progress
-* **Disk locking** - Manually lock disks to prevent accidental wipes (locks hide all partitions)
-* **Dry-run mode** - Practice using the interface without risk using `--dry-run`
+* **Disk blocking** - Manually block disks to prevent accidental wipes (blocks hide all partitions)
 
 
 > **Note:** `dwipe` shows file system labels, and if not available, the partition label. It is best practice to label partitions and file systems well to make selection easier.
-  
+
 ## Usage
 
 Simply run `dwipe` from the command line without arguments: `dwipe`
 
+### Command-Line Options
+
+- `--firmware-wipes` or `-F` - Enable experimental (alpha) firmware wipes
+  - Enables hardware-based secure erase operations (NVMe Sanitize/Format, SATA ATA Security Erase)
+  - Requires `nvme-cli` and `hdparm` tools to be installed
+  - Without this flag, only software wipes (Zero/Rand) are available
+  - **Warning**: This feature is experimental and should be used with caution
+- `--dump-lsblk` - Dump parsed device information and exit (for debugging)
+- `--help` - Show help message with all available options
+
 ### Color Legend
 
 `dwipe` uses color coding to provide instant visual feedback about device and operation status:
 
-- **Dimmed (gray)** - Mounted or locked devices (cannot be wiped)
+- **Dimmed (gray)** - Mounted or blocked devices (cannot be wiped)
 - **Default (white)** - Ready to wipe, idle state, or previously wiped (before this session)
 - **Bright cyan/blue + bold** - Active wipe or verification in progress (0-100% write, v0-v100% verify)
 - **Bold yellow** - Stopped or partially completed wipe
@@ -156,8 +196,8 @@ The **STATE** column shows the current status of each device:
 | **STOP** | Wipe or verification is being stopped |
 | **s** | Wipe was stopped - device is partially wiped (can restart or verify) |
 | **W** | Wipe was completed successfully (can wipe again or verify) |
-| **Lock** | Disk is manually locked - partitions are hidden and cannot be wiped |
-| **Unlk** | Disk was just unlocked (transitory state) |
+| **Blk** | Disk is manually blocked - partitions are hidden and cannot be wiped |
+| **Unbl** | Disk was just unblocked (transitory state) |
 
 ### Available Actions
 
@@ -169,42 +209,39 @@ The top line shows available actions. Some are context-sensitive (only available
 | **v** | verify | Verify a wiped device or detect pattern on unmarked disk (context-sensitive) |
 | **s** | stop | Stop the selected wipe in progress (context-sensitive) |
 | **S** | Stop All | Stop all wipes in progress |
-| **l** | lock/unlock | Lock or unlock a disk to prevent accidental wiping |
+| **b** | block/unblock | Block or unblock a disk to prevent accidental wiping |
 | **q** or **x** | quit | Quit the application (stops all wipes first) |
 | **?** | help | Show help screen with all actions and navigation keys |
 | **h** | history | Show wipe history log |
 | **/** | filter | Filter devices by regex pattern (shows matching devices + all active wipes) |
 | **ESC** | clear filter | Clear the filter and jump to top of list |
-| **m** | mode | Cycle wipe mode: Rand, Zero, Rand+V, Zero+V (saved as preference) |
+| **ESC** | back | Return to previous screen if on nested screen |
+| **m** | mode | Cycle auto verify mode: +V (verify), -V (don't) [saved as preference] |
 | **P** | passes | Cycle wipe passes: 1, 2, or 4 (saved as preference) |
 | **V** | verify % | Cycle verification percentage: 0%, 2%, 5%, 10%, 25%, 50%, 100% (saved as preference) |
-| **c** | confirmation | Cycle confirmation mode: Y, y, YES, yes, device name (saved as preference) |
-| **d** | dirty limit | Cycle dirty page limit: 0, 500, 1000, 2000, 4000 MB (saved as preference) |
 | **D** | dense | Toggle dense/spaced view (saved as preference) |
 | **t** | themes | Open theme preview screen to view and change color themes |
 
-### Wipe Modes
+### Wipe Types
 
-`dwipe` supports four wipe modes (cycle with **m** key):
+`dwipe` supports several wipe modes.
 
 - **Zero** - Fills the device with zeros (multi-pass alternates random/zero patterns, ending on zeros)
-- **Zero+V** - Same as Zero, but automatically verifies after wipe completes (if verify % > 0)
 - **Rand** - Fills the device with random data (multi-pass alternates zero/random patterns, ending on random)
-- **Rand+V** - Same as Rand, but automatically verifies after wipe completes (if verify % > 0)
+- **Firmware wipes** - TBD
 
 The `+V` suffix indicates automatic verification after wipe completion. Without `+V`, you can still manually verify by pressing **v** on a wiped device.
 
-> **Note:** Multi-pass wipes (2 or 4 passes) alternate between zero and random patterns to ensure different bit patterns physically overwrite the disk, ending on your selected mode.
+> **Note:** Multi-pass sofware (Zero and Rand) wipes (2 or 4 passes) alternate between zero and random patterns to ensure different bit patterns physically overwrite the disk, ending on your selected mode.
 
 ### Resuming Stopped Wipes
 
-Stopped wipes (state **s**) can be resumed by pressing **w** on the device:
+Stopped wipes (state **s**) can be resumed by pressing **w** on the device. Choose the same type of wipe or it will start over at 0% complete.
 
 **How Resume Works:**
 - Preserves the original wipe mode (Rand or Zero) from when the wipe was started
 - Uses the **current** passes setting to determine how much more to write
-- Continues from the exact byte offset where it stopped (rounded to buffer boundary)
-- Smart validation ensures interrupted wipes resume with correct pattern integrity
+- Continues from the exact byte offset where it marked that stopped (rounded to buffer boundary). "Marks" are written about every 30s so for non-gracefully ended wipes, the position may be as much as 30s (or somewhat more) from the last wiped disk blocks.
 
 **Resume Examples:**
 
@@ -259,7 +296,7 @@ Stopped wipes (state **s**) can be resumed by pressing **w** on the device:
 
 ### Progress Information
 
-When wiping a device, `dwipe` displays:
+When software wiping a device, `dwipe` displays:
 - **Elapsed time** - Time since wipe started (e.g., 1m18s)
 - **Remaining time** - Estimated time to completion (e.g., -3m6s)
 - **Write rate** - Current throughput (e.g., "45.2MB/s")
@@ -317,7 +354,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 
 ## Security Considerations
 
-**Important limitations:**
+**Important limitations of software wipes:**
 
 - `dwipe` supports multi-pass wiping with alternating patterns, but does not implement specific DoD 5220.22-M or Gutmann certified pattern sequences
 - More than adequate for **personal and business data** that doesn't require (antiquated) certified destruction
@@ -330,8 +367,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 
 **Best practices:**
 - Verify device labels and sizes carefully before wiping
-- Use the **Lock** feature to protect critical disks
-- Test with `--dry-run` first if unsure
+- Use the **Block** feature to protect critical disks
 - Consider encryption for sensitive data as the primary security measure
 
 ---
@@ -350,7 +386,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 ### Wipe issues
 - **Can't wipe a device** - Check the STATE column:
   - **Mnt** - Unmount the partition first: `sudo umount /dev/sdXN`
-  - **Lock** - Press **l** to unlock
+  - **Blk** - Press **b** to unblock
   - **Busy** - Another partition on the disk is being wiped
 - **Wipe is very slow** - Normal for large drives; check write rate to verify progress
 - **Wipe seems stuck** - Most likely due to bad disks; Direct I/O makes progress almost constant on good disks.

{dwipe-2.0.1 → dwipe-2.0.2}/README.md

@@ -9,7 +9,7 @@
 | Interactive TUI | ✓ | ✓ | ✗ | ✗ |
 | Multiple simultaneous wipes | ✓ | ✗ | ✗ | ✗ |
 | Hot-swap detection | ✓ | ✗ | ✗ | ✗ |
-| Device/partition locking | ✓ | ✗ | ✗ | ✗ |
+| Device/partition blocking | ✓ | ✗ | ✗ | ✗ |
 | Persistent wipe state | ✓ | ✗ | ✗ | ✗ |
 | Resume interrupted wipes | ✓ | ✗ | ✗ | ✗ |
 | Wipe operation logging | ✓ | ✗ | ✗ | ✗ |
@@ -22,6 +22,37 @@
 > * **Modern drives are reliably wiped with one pass of zeros**; just zero once in almost all cases for best, fastest results.
 > * `dwipe` offers Multi-pass and Rand modes as "checkbox" features, but those provide no additional security on drives manufactured after 2001 (NIST SP 800-88).
 
+## **V3 Features** (Partly in V2.x)
+
+> Features added since initial V2 deployment (may not be in a demo until V3).
+
+* **Port and Serial number**.  Press `p` to control port and serial number; it adds another line per disk and you may want to use it selectively. You may choose "Off" (not shown), "On" (always shown), or the default "Auto" show if the disk is in a state allowed for wiping (e.g., no mounted partitions).
+* **Fast SATA Release**. If you press `DEL` on a SATA drive in a hot-swap bay (and not mounted or otherwise busy):
+  * it will be removed from the OS managed devices, 
+  * when gone from the `dwipe` screen, you can then pull out the device, and insert another one.
+  * So, replacing the drive can take just seconds, not minutes awaiting SATA timeouts.
+* **Background device monitoring** - Faster and more efficient hot-swap detection with dedicated monitoring thread:
+  - Monitors `/sys/class/block` and `/proc/partitions` for device changes
+  - Runs `lsblk` only when changes detected (previously ran every refresh)
+  - Reduces CPU usage and improves responsiveness
+  - Faster detection of newly inserted or removed devices
+* **Lock renamed Block** - To reduce confusion, the "lock" feature is renamed.
+  - "Blocking" a partition or disk is only effective within the running app.
+  - It prevents wiping w/o first unblocking even if unmounted or otherwise it a wipeable state.
+  - It does not system level lock of any type.
+* **Hardware-based firmware wipes (EXPERIMENTAL/ALPHA)** - Full support for firmware-level secure erase operations:
+  - **⚠️ Requires `--firmware-wipes` flag to enable (disabled by default)**
+  - **NVMe Sanitize**: Crypto Erase, Block Erase, and Overwrite operations via `nvme-cli`
+  - **NVMe Format**: Secure format with optional crypto erase
+  - **SATA ATA Security Erase**: Normal and Enhanced erase modes via `hdparm`
+  - Automatic capability detection shows only supported methods for each drive
+  - Firmware wipes are much faster than software wipes (seconds to minutes vs hours)
+  - Same user interface - firmware options appear alongside Zero/Rand in wipe confirmation
+  - Progress tracking with "FW" indicator to show hardware operation in progress
+  - Persistent markers track firmware wipe completion and method used
+  - See [FIRMWARE_WIPES.md](FIRMWARE_WIPES.md) for technical details
+  - **Note**: This feature is experimental; software wipes are recommended for most users
+
 ## **V2 Features**
 
 * **Statistical verification** - Automatic or on-demand verification with intelligent pattern detection:
@@ -35,23 +66,23 @@
 * **Configurable confirmation modes** - Choose your safety level: single keypress (Y/y), typed confirmation (YES/yes), or device name (cycle with **c** key)
 * **Enhanced wipe history** - Detailed log viewer (**h** key) shows wipe history with UUIDs, filesystems, labels, and percentages for stopped wipes
 * **Active wipe highlighting** - In-progress wipes displayed in bright cyan/blue with elapsed time, remaining time, and transfer speed (0-100% write, 101-200% verify)
-* **Persistent user preferences** - Theme, wipe mode (Rand/Zero/Rand+V/Zero+V), confirmation mode, verification %, and locked devices persist across sessions (saved to `~/.config/dwipe/state.json`)
-* **Individual partition locking** - Lock individual partitions to prevent accidental wiping (previously only whole disks could be locked)
+* **Persistent user preferences** - Theme, wipe mode (Rand/Zero/Rand+V/Zero+V), confirmation mode, verification %, and blocked devices persist across sessions (saved to `~/.config/dwipe/state.json`)
+* **Individual partition blocking** - Block individual partitions to prevent accidental wiping (previously only whole disks could be blocked)
 * **Full terminal color themes** - Complete themed color schemes with backgrounds, not just highlights (cycle with **t** key)
-* **Visual feedback improvements** - Mounted and locked devices appear dimmed; active wipes are bright and prominent
+* **Visual feedback improvements** - Mounted and blocked devices appear dimmed; active wipes are bright and prominent
 * **Smart device identification** - Uses UUID/PARTUUID/serial numbers for stable device tracking across reconnections
 * **Screen-based navigation** - Modern screen stack architecture with help screen (**?**) and history screen (**h**)
 * **Direct I/O to Disk** - Wiping is done with direct I/O which is fast and avoid polluting your page cache. Writer threads are given lower than normal I/O priority to play nice with other apps.  This makes stopping jobs fast and certain.
 * **Improved Handling of Bad Disks.** Now detects (sometimes corrects) write failures, slowdowns, excessive no progress, and reports/aborts hopeless or hopelessly slow wipes.
 
-## **V2.x Features**
-Features added since V2 deployed (may not be in latest demo):
-* **Port and Serial number**.  Press `p` to toggle whether port and serial number is show; it adds another line per disk and you may want to use it selectively.
 ## Requirements
 - **Linux operating system** (uses `/dev/`, `/sys/`, `/proc/` interfaces)
 - **Python 3.8 or higher**
 - **Root/sudo privileges** (automatically requested when you run the tool)
 - **lsblk utility** (usually pre-installed on most Linux distributions)
+- **Optional (for firmware wipes only):**
+  - `nvme-cli` - For NVMe Sanitize and Format operations
+  - `hdparm` - For SATA ATA Security Erase operations
 
 ## Installation
 
@@ -71,28 +102,37 @@ Features added since V2 deployed (may not be in latest demo):
 `dwipe` provides comprehensive disk wiping capabilities with safety features:
 
 * **Smart device display** - Shows disks and partitions with labels, sizes, types, and vendor/model information to help identify devices correctly
-* **Safety protections** - Prevents wiping mounted devices, detects overlapping wipes, supports manual disk locking
+* **Safety protections** - Prevents wiping mounted devices, detects overlapping wipes, supports manual disk blocking
 * **Hot-swap detection** - Updates the device list when storage changes; newly added devices are marked with **^** to make them easy to spot
 * **Multiple simultaneous wipes** - Start wipes on multiple devices at once, with individual progress tracking and completion states
 * **Flexible wipe modes** - Choose between Rand, Zero, Rand+V (with auto-verify), or Zero+V (with auto-verify). Multi-pass modes alternate patterns for improved data destruction
 * **Persistent state tracking** - Wipe status survives reboots; partially wiped (**s**) and completed (**W**) states are stored on the device
 * **Device filtering** - Filter devices by name/pattern using regex in case of too many for one screen
 * **Stop capability** - Stop individual wipes or all wipes in progress
-* **Disk locking** - Manually lock disks to prevent accidental wipes (locks hide all partitions)
-* **Dry-run mode** - Practice using the interface without risk using `--dry-run`
+* **Disk blocking** - Manually block disks to prevent accidental wipes (blocks hide all partitions)
 
 
 > **Note:** `dwipe` shows file system labels, and if not available, the partition label. It is best practice to label partitions and file systems well to make selection easier.
-  
+
 ## Usage
 
 Simply run `dwipe` from the command line without arguments: `dwipe`
 
+### Command-Line Options
+
+- `--firmware-wipes` or `-F` - Enable experimental (alpha) firmware wipes
+  - Enables hardware-based secure erase operations (NVMe Sanitize/Format, SATA ATA Security Erase)
+  - Requires `nvme-cli` and `hdparm` tools to be installed
+  - Without this flag, only software wipes (Zero/Rand) are available
+  - **Warning**: This feature is experimental and should be used with caution
+- `--dump-lsblk` - Dump parsed device information and exit (for debugging)
+- `--help` - Show help message with all available options
+
 ### Color Legend
 
 `dwipe` uses color coding to provide instant visual feedback about device and operation status:
 
-- **Dimmed (gray)** - Mounted or locked devices (cannot be wiped)
+- **Dimmed (gray)** - Mounted or blocked devices (cannot be wiped)
 - **Default (white)** - Ready to wipe, idle state, or previously wiped (before this session)
 - **Bright cyan/blue + bold** - Active wipe or verification in progress (0-100% write, v0-v100% verify)
 - **Bold yellow** - Stopped or partially completed wipe
@@ -140,8 +180,8 @@ The **STATE** column shows the current status of each device:
 | **STOP** | Wipe or verification is being stopped |
 | **s** | Wipe was stopped - device is partially wiped (can restart or verify) |
 | **W** | Wipe was completed successfully (can wipe again or verify) |
-| **Lock** | Disk is manually locked - partitions are hidden and cannot be wiped |
-| **Unlk** | Disk was just unlocked (transitory state) |
+| **Blk** | Disk is manually blocked - partitions are hidden and cannot be wiped |
+| **Unbl** | Disk was just unblocked (transitory state) |
 
 ### Available Actions
 
@@ -153,42 +193,39 @@ The top line shows available actions. Some are context-sensitive (only available
 | **v** | verify | Verify a wiped device or detect pattern on unmarked disk (context-sensitive) |
 | **s** | stop | Stop the selected wipe in progress (context-sensitive) |
 | **S** | Stop All | Stop all wipes in progress |
-| **l** | lock/unlock | Lock or unlock a disk to prevent accidental wiping |
+| **b** | block/unblock | Block or unblock a disk to prevent accidental wiping |
 | **q** or **x** | quit | Quit the application (stops all wipes first) |
 | **?** | help | Show help screen with all actions and navigation keys |
 | **h** | history | Show wipe history log |
 | **/** | filter | Filter devices by regex pattern (shows matching devices + all active wipes) |
 | **ESC** | clear filter | Clear the filter and jump to top of list |
-| **m** | mode | Cycle wipe mode: Rand, Zero, Rand+V, Zero+V (saved as preference) |
+| **ESC** | back | Return to previous screen if on nested screen |
+| **m** | mode | Cycle auto verify mode: +V (verify), -V (don't) [saved as preference] |
 | **P** | passes | Cycle wipe passes: 1, 2, or 4 (saved as preference) |
 | **V** | verify % | Cycle verification percentage: 0%, 2%, 5%, 10%, 25%, 50%, 100% (saved as preference) |
-| **c** | confirmation | Cycle confirmation mode: Y, y, YES, yes, device name (saved as preference) |
-| **d** | dirty limit | Cycle dirty page limit: 0, 500, 1000, 2000, 4000 MB (saved as preference) |
 | **D** | dense | Toggle dense/spaced view (saved as preference) |
 | **t** | themes | Open theme preview screen to view and change color themes |
 
-### Wipe Modes
+### Wipe Types
 
-`dwipe` supports four wipe modes (cycle with **m** key):
+`dwipe` supports several wipe modes.
 
 - **Zero** - Fills the device with zeros (multi-pass alternates random/zero patterns, ending on zeros)
-- **Zero+V** - Same as Zero, but automatically verifies after wipe completes (if verify % > 0)
 - **Rand** - Fills the device with random data (multi-pass alternates zero/random patterns, ending on random)
-- **Rand+V** - Same as Rand, but automatically verifies after wipe completes (if verify % > 0)
+- **Firmware wipes** - TBD
 
 The `+V` suffix indicates automatic verification after wipe completion. Without `+V`, you can still manually verify by pressing **v** on a wiped device.
 
-> **Note:** Multi-pass wipes (2 or 4 passes) alternate between zero and random patterns to ensure different bit patterns physically overwrite the disk, ending on your selected mode.
+> **Note:** Multi-pass sofware (Zero and Rand) wipes (2 or 4 passes) alternate between zero and random patterns to ensure different bit patterns physically overwrite the disk, ending on your selected mode.
 
 ### Resuming Stopped Wipes
 
-Stopped wipes (state **s**) can be resumed by pressing **w** on the device:
+Stopped wipes (state **s**) can be resumed by pressing **w** on the device. Choose the same type of wipe or it will start over at 0% complete.
 
 **How Resume Works:**
 - Preserves the original wipe mode (Rand or Zero) from when the wipe was started
 - Uses the **current** passes setting to determine how much more to write
-- Continues from the exact byte offset where it stopped (rounded to buffer boundary)
-- Smart validation ensures interrupted wipes resume with correct pattern integrity
+- Continues from the exact byte offset where it marked that stopped (rounded to buffer boundary). "Marks" are written about every 30s so for non-gracefully ended wipes, the position may be as much as 30s (or somewhat more) from the last wiped disk blocks.
 
 **Resume Examples:**
 
@@ -243,7 +280,7 @@ Stopped wipes (state **s**) can be resumed by pressing **w** on the device:
 
 ### Progress Information
 
-When wiping a device, `dwipe` displays:
+When software wiping a device, `dwipe` displays:
 - **Elapsed time** - Time since wipe started (e.g., 1m18s)
 - **Remaining time** - Estimated time to completion (e.g., -3m6s)
 - **Write rate** - Current throughput (e.g., "45.2MB/s")
@@ -301,7 +338,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 
 ## Security Considerations
 
-**Important limitations:**
+**Important limitations of software wipes:**
 
 - `dwipe` supports multi-pass wiping with alternating patterns, but does not implement specific DoD 5220.22-M or Gutmann certified pattern sequences
 - More than adequate for **personal and business data** that doesn't require (antiquated) certified destruction
@@ -314,8 +351,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 
 **Best practices:**
 - Verify device labels and sizes carefully before wiping
-- Use the **Lock** feature to protect critical disks
-- Test with `--dry-run` first if unsure
+- Use the **Block** feature to protect critical disks
 - Consider encryption for sensitive data as the primary security measure
 
 ---
@@ -334,7 +370,7 @@ Press **ESC** from the main screen to clear the filter and return to showing all
 ### Wipe issues
 - **Can't wipe a device** - Check the STATE column:
   - **Mnt** - Unmount the partition first: `sudo umount /dev/sdXN`
-  - **Lock** - Press **l** to unlock
+  - **Blk** - Press **b** to unblock
   - **Busy** - Another partition on the disk is being wiped
 - **Wipe is very slow** - Normal for large drives; check write rate to verify progress
 - **Wipe seems stuck** - Most likely due to bad disks; Direct I/O makes progress almost constant on good disks.