As you can format a LUKS volume with any filesystem you want, are certain filesystems better-suited to IO performance against an encrypted filesystem? Specifically, I'm wondering about a loop device with a file sitting on an ext4 partition. As all data written to the filesystem is encrypted, do certain filesystems write less metadata or write it more efficiently? Would zfs or ext2 / ext3 perform better than ext4 on an encrypted loopback filesystem?
Asked
Active
Viewed 6,407 times
4
Will
- 1,147
- 10
- 26
1 Answers
7
I've been running LUKS encrypted filesystems for over a decade, with ext2/3/4, XFS, ZFS and maybe some other filesystems I've forgotten about. While I don't have any benchmarks handy, I do have a few notes to share:
The only real performance issue you have with LUKS is the encryption and decryption itself. This introduces some latency to the process and has the potential to make disk I/O CPU-bound. On older systems without hardware AES acceleration on-chip, this was a significant issue. Today, as long as you have AES-NI in your processor and a kernel from this decade, it's almost unnoticeable for moderate workloads. Better still if you have a recent (3.x+?) kernel which can do crypto in multiple kernel threads.
Michael Hampton
- 244,070
- 43
- 506
- 972
-
ℹ️ Processors that support AES: https://en.wikipedia.org/wiki/AES_instruction_set – Alberto Salvia Novella May 14 '21 at 23:52