[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dmcrypt on an existing partition (firewire external disk)

this belongs on the list...

On Sat, Dec 01, 2007 at 12:47:05PM +0100, Andrew Henry wrote:
> Andrew Sackville-West wrote:
> > nice guide. it was definitely part of my list of open tabs when I was
> > setting up my encrypted laptop. He's got some other good ones there as
> > well. 
> >
> > A
> >   
> Somethings broken :(


> I followed the guide to the letter, and it all seemed to work
> wonderfully.  Then the pain began when I started to move my files back
> to the encrypted volume.  What a performance killer!  It's eating 90%
> CPU and it takes *forever*, because it keeps 'hanging'.  If I switch
> focus to another window, then kcryptd/0 and kjournald stop working (they
> are the processes taking 90%).  If I shut laptop lid (set to blank
> screen) then they stop working.  If the screensaver activates, then they
> stop working.  When they stop (zero percent CPU) then the disk activity
> stops as well.

I've not seen this and my whole laptop is encrypted. 

> When I run scp from a ethernet attached laptop then scp says:
> ubuntu-7.10-alternate-amd64.iso               86%  684MB   2.9MB/s  
> -stalled-
> and as you can see by the transfer rate, it is nowhere near the 11MB/s I
> was getting consistently before encrypting.
> Is this normal write performance? 

I honestly don't know. There *has* to be some performance hit because
the data gets mangled before hitting the disk. I don't *notice* any
performance hit on my laptop. I'm not in a position at the moment to
compare in the same way as you, but I did capture some speeds during
my setup. When I was wiping the encrypted partition during setup, I
got between 26 and 36 MB/s writing depending on where on the disk I
was. So I'd say what you're seeing is not typical. Note that I'm on a
pretty new laptop with halfway decent specs.

> Can the "terminal loses focus: copy
> suspends" behaviour be fixed?  I have not tested read performance yet,
> but I expect and hope that it will be more normal.

I would say you've got something messed up there. Just a quick
run-down of what I've done:

1. modprobe dm_crypt sha256 aes_i586. confirmed it worked by ls -l
2. create the encrypted partition: cryptsetup -c aes-cbc-essiv:sha256
   -y luksFormat /dev/<encrypted-part>
3. map it to a /dev/mapper/volume: cryptsetup luksOpen
   /dev/<encrypted-part> crypt-part
4. create a filesystem on /dev/mapper/crypt-part and away you go.

this is all on sid, BTW.



Attachment: signature.asc
Description: Digital signature

Reply to: