> I can agree that in case of HDDs full disk encryption is an affordable
> solution. This is a consequence of relatively low throughput of a magnetic
> carrier in comparison to modern crypto performance.
> However, the status quo is challenged by proliferation of fast SSDs.
> It drives demand for crypto performance much higher. HW acceleration
> would become must-have.

Right, most workloads are likely bottlenecked by seeks - not math.

>> Implementation of this API may be based on AF_ALG kernel
>> interface. This assures the ability to use hardware accelerations
>> already implemented in Linux kernel. Moreover, due to working on
>> bigger chunks (dm-crypt operates on 512 byte long sectors) the raw
>> encryption performance may be even higher.
>
> There are at least three approaches that can be combined to form a holistic
> solution:
> 1) minimizing amount of plaintext through per-poor granulation,
> 2) skipping repetitive encryption,
> 3) utilizing full performance of an accelerator.
>
> dm-crypt is not optimized for advanced HW accelerators. Using the same
> accelerator in different way gives more performance gain.

What hardware accelerators are we talking about here? Intel's AES_NI
instructions are already helping accelerate dm-crypt, and you don't need
AF_ALG in userland to use them either. Is there a significant difference in
cost between crypto PCIe card(s), and simply buying SED SSDs? It seems to me
that if you are willing to trust a black box (crypto card), you might as well
trust the drive manufacturer to do your encryption. The benefit of SED would
be that the crypto throughput increases linearly with the storage.

--
Kyle Bader
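An added example, not part of the message above or of any Ceph or kernel code: the kernel crypto API serves a request for an algorithm name with the registered implementation of highest priority, so reading `/proc/crypto` shows whether an AES-NI driver would back a cipher such as `xts(aes)` (the kernel name behind an aes-xts dm-crypt mapping). The sample records are constructed, and the function names are hypothetical.

```python
"""Added example: find which kernel driver backs a cipher such as xts(aes)."""
import re

# Constructed sample in the /proc/crypto layout (not captured from a real host).
SAMPLE_PROC_CRYPTO = """\
name         : xts(aes)
driver       : xts-aes-aesni
module       : aesni_intel
priority     : 401
selftest     : passed
type         : skcipher

name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100
selftest     : passed
type         : skcipher

name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100
selftest     : passed
type         : skcipher
"""


def parse_proc_crypto(text):
    """Split the blank-line separated records into dicts of field -> value."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if entry:
            entries.append(entry)
    return entries


def preferred_driver(entries, name):
    """Return the self-tested entry with the highest priority for name, or None."""
    usable = [e for e in entries
              if e.get("name") == name and e.get("selftest") == "passed"]
    return max(usable, key=lambda e: int(e.get("priority", 0)), default=None)


if __name__ == "__main__":
    best = preferred_driver(parse_proc_crypto(SAMPLE_PROC_CRYPTO), "xts(aes)")
    print(best["driver"], best["module"], best["priority"])
```

On a live host, pass the contents of `/proc/crypto` instead of the sample; a result whose module is `kernel` with a generic driver means no accelerated implementation is registered for that cipher.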