disk encryption performance hit
Jeff Bastian
jbastian at redhat.com
Fri May 16 16:27:06 UTC 2008
What kind of performance hit should full disk encryption entail?
I installed F9 yesterday under VMware Fusion 1.1.2 and enabled disk
encryption. It was working fine until cron fired up makewhatis. At that
point the system became so sluggish it was basically unusable. Mouse
clicks would sometimes work, sometimes get ignored, and some key strokes
would get ignored, others would get doubled (i.e., typing 'foo' might end
up with 'ffo' on the screen).
According to 'top', makewhatis was consuming the most CPU, but only about
4%, followed by kcryptd. However, the CPU was spending 85%+ on system
tasks.
I noticed it was taking a long time to run makewhatis, so I ran 'time
/etc/cron.weekly/makewhatis.cron' to see just how long and got:
real 34m44.606s
user 3m18.520s
sys 13m46.823s
I switched back to my Fedora 8 virtual machine (same host) and repeated
the test and got:
real 7m1.667s
user 2m45.410s
sys 3m4.970s
That's quite a performance hit for disk encryption... Is there something
I can tune to speed this up? Or maybe I should just encrypt /home instead
of the whole disk.
FWIW, I have VMI enabled in VMware Fusion, and I'm booting with kernel
command line args
elevator=noop clocksource=vmi-timer
on both systems.
Jeff
More information about the users
mailing list