Encrypted Partitions

tntcoder

tntcoder

tntcoder

Soldato
Joined
7 Apr 2004
Posts
4,212
Hi,

I'm after some info regarding encrypted root & home partitions with Arch Linux, using the LUKS encryption system (as documented here: http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root).

1. Is there any kind of noticeable performance impact on a) boot times b) post-boot general OS speed. Say for example i have a 200gb home partition, that gets decrypted on boot does this take long?

2. How does LUKS relate to file system, I mean can i still use ext3 or is a special file system required.

3. If the system is decrypted on boot, I'm assuming it gets re-encrypted on shutdown, so what happens if the power cuts off and there is a bad shutdown, any risks of corruption?

Thanks for any help,

Jack
 
Having an encrypted filesystem doesn't mean that the whole lot gets decrypted before use and then re-encrypted at the end. That'd be just silly :)

There's a layer that sits between the filesystem and the disk (so yes, you can put ext3, reiserfs, whatever) which just encrypts bytes as they're written to disk, and decrypts them when they're read off disk. The filesystem doesn't know or care that the bytes are written encrypted, much in the same way that it doesn't know or care if they're being written to floppy, hard disk, paper etc.

In my experience, it's a bit slower, but not noticably. If you run top constantly, you'll see kcryptd floating around at th etop for any intensive disk io ops, but on a day-to-day desktop, I couldn't see the difference.
 
I think from a review I saw somewhere, using dm-crypt (with LUKS, as you are) resulted in about a 25-30% performance drop for writes and reads. Easily bearable on a modern system, although perhaps not ideal for a video-editing machine ;)
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom