With more and more of one's personal and professional lives being on the computer, encrypting and properly securing those computers -- particularly mobile devices -- is incredibly important. Sadly, it's not often thought about until it's too late. It has become relatively easy to protect your personal data on Ubuntu Linux with home directory encryption support being just a checkbox-away within the installer or even full-disk LVM encryption when using Ubuntu's alternate installer. Previous tests of Ubuntu disk encryption performance have shown there is some penalty in disk-centric workloads, but the benefits are certainly worth it. In this article is a look at the Ubuntu home encryption performance under Ubuntu 11.10 with both old and new laptops.
Supported since Ubuntu 9.04 has been the ability to encrypt the entire home directory of a user, either when using the Ubiquity desktop installer or the alternate/server installer. The home directory encryption is done over eCryptfs and the user's directory is automatically un-encrypted when entering the user password for their account. Only the user-data is protected, which is most important, but the rest of the file-system remains open.
The original option for disk encryption in Ubuntu was around since Ubuntu 7.10 and that is using a fully encrypted LVM. Unfortunately, to this day, the option is only available from the Ubuntu alternate/server installer. There is still no easy way from the standard desktop installer to setup a fully encrypted LVM. This approach is the most secure, but with the largest overhead since the entire file-system is encrypted, including the temporary files. If the appropriate passphrase is not supplied when booting the system, the Ubuntu Linux boot process cannot proceed. Using an encrypted LVM is one of the layers to the approach I use for securing sensitive data.
Unfortunately, there aren't Ubuntu 11.10 encrypted LVM benchmarks in this article, since the Oneiric development snapshot being used was broken when attempting to use the encrypted LVM option from the alternate installer. As a result, this article is just a comparison of Ubuntu 11.10 with a stock installation offering no encryption and then when using the encrypted home directory feature. An older laptop was used as well as a modern Intel Sandy Bridge notebook, in order to illustrate the file-system impact.
The older laptop is a Lenovo ThinkPad T61 bearing an Intel Core 2 Duo T9300 CPU, 4GB of RAM, 100GB Hitachi HTS72201 SATA HDD, and NVIDIA Quadro NVS140M graphics.
The newer laptop is a Hewlett-Packard EliteBook with an Intel Core i5 2520M quad-core "Sandy Bridge" processor, 4GB of RAM, 160GB Intel X-25 Extreme SSD, and Intel HD 3000 Graphics.
Both systems were running the same Ubuntu 11.10 snapshot from 23 August 2011. This included the Linux 3.0.0-9-generic x86_64 kernel, Unity 4.8.2, X.Org Server 220.127.116.112, GCC 4.6.1, and an EXT4 file-system. Each notebook was tested in its stock configuration and then again upon a new installation but when enabling the encrypted home directory feature.
This testing is similar to previous tests, but this time using the latest Linux code as found in Ubuntu Oneiric. A variety of disk workloads are shown on the following pages using the Phoronix Test Suite.