Re: Authenticated Boot: dm-integrity modes


 



On 28/11/2021 19:56, Adrian Vovk wrote:
- Journal mode: is slow. It atomically writes data+hash, so the situation I describe above can never happen. However, to pull this off it writes the data twice. Effectively every layer of journaled dm-integrity will cut write speeds in half. This isn't too bad to protect the rootfs since writes there will be rare, but it is terrible for /home. Layering systemd-homed's LUKS+dm-integrity image on top of that will cut performance in half again. So with the whole setup proposed by the blog post (even with dm-verity) writes to home will be limited to 1/4 of the drive's performance and the data will be written four times over. On top of performance issues, won't writing the data 4x wear out SSDs faster? Am I missing something?

Why can't you just enable journalling in systemd-homed, so we have LUKS+dm-integrity-journalling?

If the user needs to separate / and /home, isn't that just sensible design?

As for SSDs, the latest ones, as far as I can tell, have a lifespan measured in years even if they're being absolutely hammered by a stress test. If you're really worried about wearing out an SSD, put the journal on rotating rust, but I think those in the know are likely to tell you that the rust will die before the SSD.

Cheers,
Wol


