Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] encrypted linux systems

> From: at [mailto:discuss-
> at] On Behalf Of Stephen Adler
> I've run across an interesting situation at where where I'm required to
> encrypt my desktop at home since it's owned by the government. Any
> advice on how to best setup an encrypted linux system? Preferably using
> some kind of encrypted hardware device which will not kill my disk IO
> rate?

If you enable encryption on your disk, it does not harm your IO rate.  I've measured, benchmarked, evaluated many configurations on many systems, and it comes down to this:

If you have a CPU which lacks the AES-NI instruction set, and you absolutely max out IO to a single disk, then it consumes about 30% cpu utilization on a single core, which means your performance is still limited by the disk IO and there is no measurable IO performance degradation.  You can stripe or mirror 3-4 disks into an aggregate unit, before you finally reach the computation limit on a single core.  I have not tested performance after you actually reach the limit of a single core - I suspect that some systems probably scale well to utilize multiple cores, and I suspect others do not.

If you *have* the AES-NI instruction set, then you get about 6x-10x faster encryption.  So, it would take around 18-40 disks all maxing out IO, before you are performance limited by your CPU.  

And in the typical situation, where you have only a single disk system, plus a CPU with AES-NI, you literally cannot measure the performance difference, nor the CPU overhead of performing the encryption.  Because the 3% or so CPU utilization falls into the noise, below the radar, along with "top" or whatever tool you're using to measure CPU utilization.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /