[dm-devel] Need some advices on LUKS2 cryptsetup (performance issue with integrity)
laurent cop
laurent.cop at gmail.com
Mon Jun 29 13:09:23 UTC 2020
Hello,
I would need some advice on LUKS2 cryptsetup (confidentiality + integrity).
My context was :
*encryption (cryptsetu*p aes_xts_plain64) on xfs formatted Raid5 (4+1 for
parity) soft raid (mdadm) on SSD nvme disks
I would like to include crypsetup integrity feature with
--cipher aes-gcm-random --integrity aead
on the same stack ( on xfs formatted Raid5 (4+1 for parity) soft raid
(mdadm) on SSD nvme disks)
Few tests with fio (I am testing *sequential write performances*)
--ioengine=libaio --bs=4K --size=30G --end_fsync=1 --numjobs=4
Provide me* a ratio of 3 between the two use cases.*
A study *"Practical Cryptographic Data Integrity Protection with Full Disk
Encryption Extended Version" from 1 Jul 2018*
seems to show this kind of ratio and illustrates the difference between
(JOURNAL and NO JOURNAL). In the case of NO JOURNAL, integrity seems to
have very low effects on performances.
1)How can I improve my performances with --cipher aes-gcm-random
--integrity aead ? (this ratio of 3 with aes_xts_plain64 is huge)
2) What are the impacts of NO JOURNAL, I understand the goal of
journalisation in fs in case of a crash. Is it the same goal?
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20200629/dcb32286/attachment.htm>
More information about the dm-devel
mailing list