I've benchmarked the CCP on an API Ryzen 3000G and it works with openssl. Never tried to get it to work with cryptsetup though. The main advantage I see is not always better speed, but that you offload the cpu for other tasks.

It's a kernel boot option passed to cryptsetup via cryptdevice

It doesn't look too bad but for some workloads (DB) it seems not great. Which is too bad because I have always used full disk encryption since the loop-aes days many decades ago. It seems crazy not to. If someone breaks in and steals your hardware, you want them to have all your data too?

My main problem with dm-crypt is that there is something wrong with the IO mechanisms that don't play nice with the normal kernel IO. When reading or writing large amounts of data and/or metadata it can cause the IO subsystem to stall and hang the whole machine. It's been like this for many years. Even reading a bunch of data from only the RAM cache can cause the entire server to freeze for a few minutes (I'm talking about big data machines here, hundreds of gigabytes of RAM and many terabytes and tens of millions of files). Also "ionice" doesn't work because it doesn't affect the dm-crypt kernel threads doing the actual IO.

On any system or portable disk that can easily be misappropriated (or lost) encryption just makes sense. In fact, where I work have become extraordinarily fussy about it; although then they simultaneously tell you to use G-Suite to share files, and G-Suite won't allow me to share a file I've compressed and passworded with a coworker... so, yeah.

That said, how many stories over the years have been reported of Govt. Worker X losing unencrypted memory stick/disk/laptop [delete as appropriate] by leaving it on a train/stolen from a car/in a bar/at mistresses apartment/losing when drunk [delete as appropriate]? And they tend to contain things like names, address, DOBs, SSNs... all the stuff needed to really cause someone grief. Now, given the push for biometric ID everywhere, follow my train of thought...

I'm really surprised how little impact FDE has for most things.

"Developer" laptops are usually designed by people who haven't written a line of code in their lives, much less tried on tiny 13 or 14" screens.

I agree. My work laptop is a 13 inch MacBook Pro 2019 model, thank God I have an ultrawide to connect to for more screen real estate. My former co-worker who was good friends with the boss who have both since left got a 15.6 inch ThinkPad P series workstation!

Definitely the way to go.

Michael, could you please test ZFS vs LUKS vs no encryption on the same laptop? I’m particularly interested in power usage numbers.