I just got a Tiger Lake based laptop and installed Debian on it with dm-crypt. The installer attempts to write zeroes to the encrypted partition in order to prevent various metadata attacks (using blockdev-wipe [1]) After about eight hours with it not even halfway, I aborted this attempt. The drive is about a terabyte in size, so that's around 15MB/s. This is atrocious! cryptsetup benchmark says the CPU is capable of doing 4GB/s with aes-xts and a 512b key. The cipher in use is reported as aes-xts-plain64. dd iflag=direct of=/dev/null bs=64k count=100000 gives some pretty poor results. with if=/dev/nvme0n1p3, I get 1.2GB/s. with if=/dev/dm-0, I get 600MB/s. I found this critique of the dm-crypt architecture: https://blog.cloudflare.com/speeding-up-linux-disk-encryption/ I'm using Linux 5.9, and I'm not sure how much of this has been incorporated. [1] https://salsa.debian.org/installer-team/partman-crypto/-/blob/master/blockdev-wipe/blockdev-wipe.c -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
