LUKS disk encryption шифрлэлтийн хурд сайжруулах

Дусал нэвтэрхий толь-с

Drastically improving encrypted hard drive performance on Linux Eric Schultz // Aug 19, 2018

I have a 1.5 year old System76 laptop. I'm a big fan and can't recommend them enough. One problem I've been having though is sluggish SSD performance. On very disk-intensive tasks the system slows to a crawl. I haven't totally figured out what is happening but I did discover a possible cause: encrypted hard drives.

I use LUKS to encrypt my entire boot hard drive which is quite common for Linux users. Part of me wondered whether this might be harming my disk performance. After all, encrypting and decrypting every disk read likely has some effect on performance. Could this encryption/decryption be accelerated on the processor? As it turns out, yes.

Many Intel processors include acceleration of AES encryption (AESNI support) and LUKS and the Linux Kernel have support for that acceleration. By default though, this support was not included at boot on my computer. Based on this Server Fault thread, here's what I did.

   If you use these instructions, it's your responsibility if it fails. Make sure you know what you're doing.
   First, I checked if my processor had AESNI support by running grep aes /proc/cpuinfo. GREP found something in there, so we do have AESNI support.
   Next, I run sudo modprobe aesni-intel. Nothing bad happened so we should be good.
   Now that I think aesni-intel works, I'm going to add it to my boot image. To do this, I open the boot image module files at sudo nano /etc/initramfs-tools/modules and then add the following line to the end: aesni_intel. Save the file and close nano.
   Recreating the boot image with the new module requires me to run sudo update-initramfs -u
   Last, I reboot my computer.

So, does it help?

If the benchmarking feature of GNOME Disks can be trusted, the answer is yes.

Before making the change, the read performance of the hard drive was about ~130 MB/s.

The result after? 450 MB/s I got an over 300% increase in performance on the exact same hardware.

We'll see over the next few weeks if this helps with system sluggishness.