Verschlüsselung mit dm-crypt beschleunigen

aus dem Wiki des Entropia e.V., CCC Karlsruhe
Wechseln zu: Navigation, Suche

Möchte man bei der Festplattenverschlüsselung mit LUKS bzw. dm-crypt noch ein wenig Performance rausholen, sollte man dafür sorgen, dass das Modul aes_i586 anstatt aes geladen wird.

Bei Ubuntu (und wohl auch bei Debian) kann man bspw. mit einer wie folgt befüllten Datei /etc/initramfs-tools/modules für das Laden des richtigen Moduls sorgen:

# List of modules that you want to include in your initramfs.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
ide-disk
dm_mod
dm_crypt
sha256
aes_i586

Danach:

update-initramfs -u

Messungen

Gemessen wurde mit folgenden Skript (Partitionenvariable anpassen für eigene Messungen!):

#!/bin/sh
partition=/dev/mapper/crypto-pub
runs=10

echo == CPU ==
cat /proc/cpuinfo | egrep "^cpu|^model"

echo == Modules ==
uname -a
lsmod | grep aes

echo == Disk read performance ==
echo $partition
for i in $(seq $runs); do 
  hdparm -t $partition 2>/dev/null | grep Timing; 
done

Messung ohne aes_i586

# ./measure-dm-crypt
== CPU ==
cpu family      : 15
model           : 2
model name      : Intel(R) Celeron(R) CPU 2.40GHz
cpu MHz         : 2394.346
cpuid level     : 2
== Modules ==
Linux kerouac 2.6.20-16-lowlatency #2 SMP PREEMPT Thu Jun 7 20:23:03 UTC 2007 i6
86 GNU/Linux
aes                    28608  9
== Disk read performance ==
/dev/mapper/crypto-pub
 Timing buffered disk reads:  110 MB in  3.02 seconds =  36.41 MB/sec
 Timing buffered disk reads:  110 MB in  3.01 seconds =  36.52 MB/sec
 Timing buffered disk reads:  110 MB in  3.02 seconds =  36.42 MB/sec
 Timing buffered disk reads:  110 MB in  3.03 seconds =  36.30 MB/sec
 Timing buffered disk reads:  112 MB in  3.04 seconds =  36.83 MB/sec
 Timing buffered disk reads:  110 MB in  3.01 seconds =  36.54 MB/sec
 Timing buffered disk reads:  110 MB in  3.03 seconds =  36.31 MB/sec
 Timing buffered disk reads:  110 MB in  3.05 seconds =  36.09 MB/sec
 Timing buffered disk reads:  110 MB in  3.01 seconds =  36.50 MB/sec
 Timing buffered disk reads:  110 MB in  3.02 seconds =  36.44 MB/sec

Messung mit aes_i586

# ./measure-dm-crypt
== CPU ==
cpu family      : 15
model           : 2
model name      : Intel(R) Celeron(R) CPU 2.40GHz
cpu MHz         : 2394.265
cpuid level     : 2
== Modules ==
Linux kerouac 2.6.20-16-lowlatency #2 SMP PREEMPT Thu Jun 7 20:23:03 UTC 2007 i6
86 GNU/Linux
aes                    28608  0
aes_i586               34304  9
== Disk read performance ==
/dev/mapper/crypto-pub
 Timing buffered disk reads:  136 MB in  3.00 seconds =  45.33 MB/sec
 Timing buffered disk reads:  138 MB in  3.03 seconds =  45.56 MB/sec
 Timing buffered disk reads:  138 MB in  3.03 seconds =  45.48 MB/sec
 Timing buffered disk reads:  136 MB in  3.04 seconds =  44.79 MB/sec
 Timing buffered disk reads:  136 MB in  3.01 seconds =  45.25 MB/sec
 Timing buffered disk reads:  138 MB in  3.04 seconds =  45.45 MB/sec
 Timing buffered disk reads:  138 MB in  3.03 seconds =  45.58 MB/sec
 Timing buffered disk reads:  136 MB in  3.00 seconds =  45.29 MB/sec
 Timing buffered disk reads:  136 MB in  3.03 seconds =  44.83 MB/sec
 Timing buffered disk reads:  136 MB in  3.02 seconds =  45.01 MB/sec