Need some advices on LUKS2 cryptsetup (performance issue with integrity)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I would need some advice on LUKS2 cryptsetup (confidentiality + integrity).

My context was :
encryption (cryptsetup aes_xts_plain64) on xfs formatted Raid5 (4+1 for parity) soft raid (mdadm) on SSD nvme disks

I would like to include crypsetup integrity feature with
--cipher aes-gcm-random --integrity aead
on the same stack ( on xfs formatted Raid5 (4+1 for parity) soft raid (mdadm) on SSD nvme disks)

Few tests with fio (I am testing sequential write performances)
--ioengine=libaio --bs=4K --size=30G --end_fsync=1 --numjobs=4

Provide me a ratio of 3 between the two use cases.

A study "Practical Cryptographic Data Integrity Protection with Full Disk Encryption Extended Version" from 1 Jul 2018
seems to show this kind of ratio and illustrates the difference between  (JOURNAL and NO JOURNAL). In the case of NO JOURNAL, integrity seems to have very low effects on performances.

1)How can I improve my performances with --cipher aes-gcm-random --integrity aead ?  (this ratio of 3 with aes_xts_plain64 is huge)
2) What are the impacts of NO JOURNAL, I understand the goal of journalisation in fs in case of a crash. Is it the same goal?

Thank you.



--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel

[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux