Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Ubuntu 11.10 Home Encryption Performance

  1. #11
    Join Date
    Jun 2008
    Posts
    31

    Default

    Quote Originally Posted by gdi2k View Post
    I've used encrypted home on Ubuntu since it became available. I have a Vertex2 SSD, but data transfers within home are limited to around 20 - 25 MB/sec, which maxes out one CPU core (Core2 Duo P8600). I don't so mind the slow speed so much as apps etc. still start lightning fast (only home is encrypted), but the fact that the CPU burns from simple copy operations is annoying, and it would be great if that work could be offloaded in my next machine.
    Thanks for that info, I didn't notice 100% CPU usage during long operations. A bit strange it sucks so much power, but it seems we gotta live with it for now, waiting for more powerful CPUs to better utilize our super fast SSDs

  2. #12
    Join Date
    Oct 2007
    Posts
    178

    Default

    My experience is that most semi-modern hardware handles disk encryption without much problem. Heck, I use dm-crypt/luks in Arch Linux on a Lenovo netbook with a 1.6GHz Atom CPU and a 250GB HD without any noticeable loss in performance.

  3. #13
    Join Date
    Sep 2011
    Posts
    3

    Default Testing...

    Quote Originally Posted by korpenkraxar
    My experience is that most semi-modern hardware handles disk encryption without much problem. Heck, I use dm-crypt/luks in Arch Linux on a Lenovo netbook with a 1.6GHz Atom CPU and a 250GB HD without any noticeable loss in performance.
    Here's a simple test to time a 1 GB write, I would be interested to see your results. I'll post mine below. If you encrypt your whole root, maybe you can run the second test on your unencrypted /boot partition for testing purposes.

    Hardware: Lenovo X200, Core2 Duo P8600, 4 GB RAM, Vertex2 SSD (90GB), Ubuntu 11.04 64-bit.

    Test writing to an encrypted area on the SSD (using Ubuntu's standard home encryption stuff):
    Code:
    gdi2k@X200:~$ time dd if=/dev/zero of=~/test bs=1024 count=1000000
    1000000+0 records in
    1000000+0 records out
    1024000000 bytes (1.0 GB) copied, 43.3324 s, 23.6 MB/s
    
    real	0m43.336s
    user	0m0.140s
    sys	0m39.260s
    Test writing to the SSD without encryption:
    Code:
    root@X200:~# time dd if=/dev/zero of=/root/test bs=1024 count=1000000
    1000000+0 records in
    1000000+0 records out
    1024000000 bytes (1.0 GB) copied, 4.39919 s, 233 MB/s
    
    real	0m4.405s
    user	0m0.080s
    sys	0m2.790s
    For me, the performance loss is noticeable by a factor of 10. And as I said, during the write to the encrypted space, one CPU core is constantly saturated, generating heat, causing fan noise, and increased power consumption. I think AES-NI would be very beneficial in my case, and probably even more so for reads than writes.

  4. #14
    Join Date
    Oct 2007
    Posts
    178

    Default

    Damnit, I knew I would have to eat crow for that not so very carefully phrased statement :-)

    I've run these dd's on both a 64-bit W500 Thinkpad laptop and the 32-bit Ideapad netbook, both running Arch Linux with dm-crypt/luks partitions on everything but /boot. I just did 250M though, because the /boot on the netbook is too small for a gig. /boot is ext3 and /home is ext4. This is what I get:

    Netbook:
    =====

    Unecrypted boot:
    Code:
    time dd if=/dev/zero of=test bs=1024 count=250000
    250000+0 records in
    250000+0 records out
    256000000 bytes (256 MB) copied, 4.30648 s, 59.4 MB/s
    
    real    0m4.314s
    user    0m0.227s
    sys     0m3.656s
    Encrypted home:
    Code:
    time dd if=/dev/zero of=test bs=1024 count=250000
    250000+0 records in
    250000+0 records out
    256000000 bytes (256 MB) copied, 4.518 s, 56.7 MB/s
    
    real    0m4.523s
    user    0m0.277s
    sys     0m4.230s
    Laptop
    =====

    Unecrypted boot:

    Code:
    time dd if=/dev/zero of=test bs=1024 count=250000
    250000+0 records in
    250000+0 records out
    256000000 bytes (256 MB) copied, 5.2695 s, 48.6 MB/s
    
    real	0m5.315s
    user	0m0.033s
    sys	0m0.957s
    Encrypted home:

    Code:
    time dd if=/dev/zero of=test bs=1024 count=250000
    250000+0 records in
    250000+0 records out
    256000000 bytes (256 MB) copied, 5.02218 s, 51.0 MB/s
    
    real	0m5.266s
    user	0m0.047s
    sys	0m1.500s
    They are quite even over here but I am not sure about /dev/zero as a source. There is quite a bit of variation in these numbers if I repeat the tests. Does commit intervals for ext filesystems matter here btw?

    I am not sure it matters much though. If I can take the liberty to rephrase my statement a little: without any noticeable loss in performance => without much noticeable loss in performance in day-to-day use. For instance, most long writes I do on the netbook consists of transferring movie files from my NAS to the disk and in such cases, the network is the limiting factor. I do not argue against having more of the crypto stuff in silicon, I just have not been hit by major performance regressions yet.

    Moreover, it looks like your SSD is incredibly fast compared to my rotating disks. Perhaps the crypto overhead is low in my case compared to the I/O of my laptops...

  5. #15
    Join Date
    Sep 2011
    Posts
    3

    Thumbs up Interesting!

    Thanks for posting your speeds, some interesting stuff there. You're right, in your case 5 MB/s makes no practical difference in day to day use. Due to my high SSD speeds, it makes more of a difference for me.

    What surprises me is that your 1.6 GHz Atom-based Ideapad is able to write to an encrypted partition at nearly 57 MB/sec when my Core2 Duo (2.4 GHz) can only write to an encrypted partition at 25 MB/sec (I've run the test a dozen times, it never gets over 26).

    I'd be interested to find out why this may be. My first thought is that my encryption implementation is more CPU-intensive than yours. Ubuntu uses the AES cipher with a 16-byte key length (128 bit) for its home encryption from what I can tell from the mount command. What does mount tell you about your encrypted partition?

    I also agree that dd is not the best approach to benchmarking this stuff but it's quick and dirty. Maybe I'll have a go with the phoronix test suite thing over the coming weekend...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •