What would be the Read-/Write-overhead when using dm-crypt (LUKS) as full disk-encryption (including root partition) on a Linux-Desktop (Ubuntu)?
I plan to stack it like so: LUKS > LVM > ext4
The CPU in use on the system would be a Core2 Duo 2.1 GHz with 4GB of RAM.
- Would encryption of such a system create a great/noticeable overhead?
- Are there any recent benchmarks to be found on the net? What is your personal experience?
- Are there any settings I can make to improve performance?
Thx for your help.
Best Answer
There is no I/O-overhead involved in dm-crypt - just CPU overhead ... ;)
On a Athlon 64 2.6 GHz dual core system for example I can copy from one dm-crypt disk to another with ~ 40 MB/sec (2.6.26 Kernel, Seagate 1.5 TB SATA disks).
For performance make sure that the for your architecture optimized aes module is loaded, e.g.
Regarding data-safety, there is no need to disable the write-cache because of dm-crypt. Old versions didn't support write-barriers, but since 2010 (kernel 2.6.31 or so) dm-crypt does support them (respectively force-unit-access - FUA).
Btw, one can argue that it does not really makes sense to encrypt the root-partition.
However, encrypting swap does make sense.