Data access speed in LUKS encrypted partition
Encryption adds extra CPU load, as each disk block needs to be decrypted by the OS on access. Your test results (~600 MB/s decryption) are fairly average for generic AES processing on an i7.
To avoid this issue, modern CPUs generally come with hardware-based AES support built in. Intel calls this feature "AES-NI" (shown in lscpu
as "aes"), and it allows reaching 2–3 GB/s rates for the same AES decryption.
First run lscpu
and check whether it mentions "aes" among feature flags. The Intel ARK shows it as present in your CPU model, but it may be disabled by firmware (BIOS) settings. (The ARK has a footnote: "Some products can support AES New Instructions with a Processor Configuration update … Please contact OEM for the BIOS that includes the latest Processor configuration update.")
Linux uses the "aesni_intel" module to enable hardware acceleration. Check whether it's enabled in your kernel at all by running zgrep AES_NI_INTEL /proc/config.gz
. If it shows "=y
", it's part of the main kernel image and should be available.
If the output shows "=m
", it's been compiled as a module – try to load the module manually by running sudo modprobe -v aesni_intel
. If the command is unable to find the module, you probably have to reboot. (After reboot, make sure uname -r
shows the same kernel version as in ls /lib/modules
.)
Related videos on Youtube
alfC
Updated on September 18, 2022Comments
-
alfC over 1 year
In Linux (Fedora 28) I have my home directory LUKS encryped, when using Gnome Disk (screenshot), I can benchmark separately the underlying LUKS partition (upper blue rectangle) and the decrypted home partition (lower white rectanble).
The LUKS partition gives an access time of 500MB/s, but the decryped acces gives 350MB/s. To be clear this is the same partition a 500GB SSD.
Is it fair to conclude that encryption is slowing down data access by 30% ( = 150/500)?
Is this type of number documented or I am doing some thing wrong. This is much more slowdown that I was expecting.
EDIT: This is my output for
$ cryptsetup benchmark # Tests are approximate using memory only (no storage IO). PBKDF2-sha1 384375 iterations per second for 256-bit key PBKDF2-sha256 494611 iterations per second for 256-bit key PBKDF2-sha512 323634 iterations per second for 256-bit key PBKDF2-ripemd160 293225 iterations per second for 256-bit key PBKDF2-whirlpool 185917 iterations per second for 256-bit key argon2i 4 iterations, 748334 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) argon2id 4 iterations, 745443 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) # Algorithm | Key | Encryption | Decryption aes-cbc 128b 195.0 MiB/s 664.0 MiB/s serpent-cbc 128b 28.8 MiB/s 94.7 MiB/s twofish-cbc 128b 58.8 MiB/s 111.6 MiB/s aes-cbc 256b 146.5 MiB/s 507.3 MiB/s serpent-cbc 256b 33.3 MiB/s 110.2 MiB/s twofish-cbc 256b 59.3 MiB/s 123.6 MiB/s aes-xts 256b 433.7 MiB/s 416.8 MiB/s serpent-xts 256b 101.0 MiB/s 94.7 MiB/s twofish-xts 256b 111.8 MiB/s 110.3 MiB/s aes-xts 512b 349.5 MiB/s 356.6 MiB/s serpent-xts 512b 101.6 MiB/s 96.0 MiB/s twofish-xts 512b 111.2 MiB/s 108.1 MiB/s
$ lscpu | grep aes Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts flush_l1d
EDIT 2020: I changed my computer and I get completely different results for the crypo benchmark, much beyond what can be explained by a faster processor. So, I think my old hardware didn't have the dedicated encryption chip:
$ cryptsetup benchmark # Tests are approximate using memory only (no storage IO). PBKDF2-sha1 1756408 iterations per second for 256-bit key PBKDF2-sha256 2264742 iterations per second for 256-bit key PBKDF2-sha512 1653905 iterations per second for 256-bit key PBKDF2-ripemd160 949797 iterations per second for 256-bit key PBKDF2-whirlpool 711381 iterations per second for 256-bit key argon2i 8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) argon2id 8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) # Algorithm | Key | Encryption | Decryption aes-cbc 128b 1256.4 MiB/s 3669.2 MiB/s serpent-cbc 128b 101.6 MiB/s 771.8 MiB/s twofish-cbc 128b 230.0 MiB/s 418.4 MiB/s aes-cbc 256b 947.9 MiB/s 2961.6 MiB/s serpent-cbc 256b 105.1 MiB/s 785.0 MiB/s twofish-cbc 256b 235.7 MiB/s 424.5 MiB/s aes-xts 256b 2209.9 MiB/s 2218.9 MiB/s serpent-xts 256b 762.0 MiB/s 776.6 MiB/s twofish-xts 256b 415.7 MiB/s 384.0 MiB/s aes-xts 512b 1701.8 MiB/s 1677.2 MiB/s serpent-xts 512b 713.7 MiB/s 769.6 MiB/s twofish-xts 512b 407.9 MiB/s 414.2 MiB/s
-
user1686 over 5 yearsDoes your CPU support AES-NI or equivalent? Can you check
cryptsetup benchmark
? -
davidgo over 5 yearsYes, it's a fair conclusion.
-
alfC over 5 years@grawity, I don't know, how can I find out? do you think there is a better way to tune the disk encryption for a given CPU (mine is Intel® Core™ i7-3612QM CPU @ 2.10GHz × 8 Intel® Ivybridge Mobile). I edited my question with the output of
cryptsetup benchmark
. -
user1686 over 5 yearsRun
lscpu | grep aes
, additionallylsmod | grep aes
and just in casemodinfo aesni_intel
. According to Intel ARK it should be supported, but on your benchmark it doesn't show. -
alfC over 5 years
lscpu | grep aes
showsaes
(see the edit in my question).lsmod | grep aes
shows nothing.modinfo easni_intel
givesmodinfo: ERROR: Module aesni_intel not found.
-
-
alfC over 5 years
lscpu
shows aaes
entry.zgrep AES_NI_INTEL /proc/config.gz
givesgzip: /proc/config.gz: No such file or directory
.sudo modprobe -v aesni_intel
(after password) shows no output and the speed test still give the same results.lsmod | grep aes
gives no output andmodinfo aesni_intel
givesmodinfo: ERROR: Module aesni_intel not found
. Now I am curious why my Fedora doesn't seem to have this.