disk encryption performance hit
Marc Schwartz
marc_schwartz at comcast.net
Fri May 16 18:24:28 UTC 2008
Jeff Bastian <jbastian at redhat.com> writes:
> What kind of performance hit should full disk encryption entail?
>
> I installed F9 yesterday under VMware Fusion 1.1.2 and enabled disk
> encryption. It was working fine until cron fired up makewhatis. At
> that point the system became so sluggish it was basically unusable.
> Mouse clicks would sometimes work, sometimes get ignored, and some key
> strokes would get ignored, others would get doubled (i.e., typing
> foo' might end up with 'ffo' on the screen).
>
> According to 'top', makewhatis was consuming the most CPU, but only
> about 4%, followed by kcryptd. However, the CPU was spending 85%+ on
> system tasks.
>
> I noticed it was taking a long time to run makewhatis, so I ran 'time
> /etc/cron.weekly/makewhatis.cron' to see just how long and got:
> real 34m44.606s
> user 3m18.520s
> sys 13m46.823s
>
> I switched back to my Fedora 8 virtual machine (same host) and
> repeated the test and got:
> real 7m1.667s
> user 2m45.410s
> sys 3m4.970s
>
>
> That's quite a performance hit for disk encryption... Is there
> something I can tune to speed this up? Or maybe I should just encrypt
> /home instead of the whole disk.
>
> FWIW, I have VMI enabled in VMware Fusion, and I'm booting with kernel
> command line args
> elevator=noop clocksource=vmi-timer
> on both systems.
>
> Jeff
I can't speak to your specific implementation, but in the past over
several versions of FC/F, when I have run performance comparisons with
hdparm, using dm-crypt/LUKS with 256 bit AES on a 7200 rpm HD, I have
seen about a 10-15% hit in throughput.
Your figures above suggest that something else is going on, perhaps
related to the virtualization overhead and I don't know enough about
that to comment in an authoritative manner.
HTH,
Marc Schwartz
More information about the fedora-list
mailing list