Encrypted home directory

Marc Schwartz marc_schwartz at comcast.net
Wed Dec 24 14:07:36 UTC 2008


"James Cassell" <fedoraproject at cyberpear.com> writes:

> On Tue, 23 Dec 2008 10:01:28 -0500, Marc Schwartz
> <marc_schwartz at comcast.net> wrote:
>
>>
>> I have a separate /boot partition outside the LVM, since that cannot be
>> encrypted.
>> Using hdparm to test sequential reads on the encrypted and unencrypted
>> partitions, I get 30 MB/Sec on the former and 36 MB/Sec on the latter.
>> So I am looking at a 15-20% hit on throughput and that has been pretty
>> consistent over several releases.
>
> Could the performance difference here be due to the partitions being
> on different parts of the disk?  Throughput is higher on the outside
> of the  disk (which is the logical beginning of the disk.)  I don't
> think you have  done a fair benchmark.

Fair point and it is possible, but under prior releases (pre-F9), when I
had to do a manual config and I did not have all partitions other than
/boot encrypted, I got pretty similar results in throughput changes
across the partitions. There was a period of time when I did not have
'/' encrypted, but did have /home, swap, /tmp and /var encrypted as
separate partitions without using LVM.

Clearly a better comparison would compare the same partitions in an
unencrypted and encrypted configuration. Without going through some
config gyrations that's easier said than done.

I don't think that it is unreasonable to expect some level of
performance hit, albeit with multi-core systems, that should be lessened
and perhaps those who do not experience a notable reduction in throughput
are using such systems. I'll have one next year... :-)

Thanks James,

Marc






More information about the fedora-devel-list mailing list