Good morning,
After creating a detached header by running
cryptsetup luksFormat /dev/ram0 --cipher aes-xts-plain64 --key-size
512 --batch-mode --key-file - --header crypthdr.img
I open the LUKS device by running
cryptsetup luksOpen /dev/ram0 encrypted-ram0 --key-file - --header
crypthdr.img
now, if I execute two tests to measure the direct access to memory, and
the encryption:
fio --filename=/dev/ram0 --readwrite=readwrite --bs=4k --direct=1
--size 1Gb --name=plain
reports 1.4 GB/s for read and write
fio --filename=/dev/mapper/encrypted-ram0 --readwrite=readwrite
--bs=4k --direct=1 --size 1Gb --name=crypt
reports 236 MB/s fore read and write
I have read that prior to kernel 5.x there was a performance issue, but
that was addressed and I am on kernel 6.11.4.
In case it matters, I am booting from a UKI that I build myself for
which I do not explicitly include the module aesni_intel. However, I see
this module loaded now (although I am running on a Ryzen 7 6900H: That
is weird I guess?).
Might you have any advice on how to improve the performance of
encryption/decryption? As I am using FDE, a 7x drop in performance in
seriously impacting me.
Thank you!
--
Felix
