diff --git a/README b/README new file mode 100644 index 0000000..e354da8 --- /dev/null +++ b/README @@ -0,0 +1,53 @@ +# LUKS-Encrypted Disk Images on Linux + +## NOTE: This will not work on an LXC unprivileged container! + +To make it work inside an LXC: You’d need to modify your container config (as root on the host): +``` +lxc.apparmor.profile = unconfined +lxc.cap.drop = +lxc.cgroup.devices.allow = b 7:* rwm # /dev/loop* +lxc.cgroup.devices.allow = c 10:237 rwm # /dev/mapper/control +lxc.mount.auto = proc:rw sys:rw +lxc.include = /usr/share/lxc/config/common.conf +``` + +And run the container as privileged (security.privileged = true). + +⚠️ Security warning: privileged LXC containers with these capabilities are essentially “mini-VMs” with host-level power. Not recommended on multi-tenant systems. + + +## Using your package manager: (apt, etc...) install the following: +## Requires: cryptsetup, losetup, mount, umount, findmnt, blkid +## Optional: VBoxManage (VirtualBox), virsh (libvirt) + +## Quick Starts +``` +1) Create & mount a new 4 GB encrypted image: +sudo ./luks-img.sh create --file mydisk.img --size 4G + +2) Open & mount an existing image: +sudo ./luks-img.sh open --file mydisk.img --mount /mnt/luks + +3) Close (unmount, close mapper, detach loop): +sudo ./luks-img.sh close --file mydisk.img + +4) Backup the LUKS header: +sudo ./luks-img.sh header-backup --file mydisk.img --out mydisk.header + +*) Add a new key using an existing keyfile: +sudo ./luks-img.sh add-key --file mydisk.img --keyfile /path/newkey --existing-keyfile /path/oldkey +``` + +### If you want to add the image file to a VM: + +## Virtual Box: +``` +sudo ./luks-img.sh launch-vbox --file mydisk.img --vm "Ubuntu VM" --start +sudo ./luks-img.sh detach-vbox --vm "Ubuntu VM" +``` +## libvirt/QEMU VM: +``` +sudo ./luks-img.sh attach-virt --file mydisk.img --vm myvm --target vdb --persistent +sudo ./luks-img.sh detach-virt --vm myvm --target vdb --persistent +```
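Review bot: In the LXC config block, the line `lxc.cgroup.devices.allow = c 10:237 rwm # /dev/mapper/control` allows the wrong device. Character device 10:237 is /dev/loop-control, while the device-mapper control node /dev/mapper/control is 10:236, so cryptsetup inside the container would still be denied access to it. Suggest keeping 10:237 with its comment corrected to /dev/loop-control and adding a separate `c 10:236 rwm` line for /dev/mapper/control. In the same block, `lxc.include = /usr/share/lxc/config/common.conf` comes after `lxc.cap.drop =`, so any capability drops defined in the included file are applied again after the list was cleared; move the include to the top if the empty drop list is meant to take effect. The `lxc.cgroup.devices.allow` key is the cgroup v1 form, so the README should say that cgroup v2 hosts need `lxc.cgroup2.devices.allow`. `security.privileged = true` is an LXD-style setting while the rest of the block is raw LXC config, so state which tool each part applies to. Given the warning that follows, it would also help to list only the capabilities the script needs instead of clearing `lxc.cap.drop` entirely and setting the AppArmor profile to unconfined. Style: the two "## Using your package manager" / "## Requires" / "## Optional" lines are headings used as body text, "## Virtual Box:" sits under a "###" heading, and the last Quick Start item is numbered `*)` instead of `5)`.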