Announcement

Collapse
No announcement yet.

Linux Full Disk Encryption Performance For The AMD Ryzen 7 PRO / HP Dev One

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • JJGadgets
    replied
    Michael, could you please test ZFS vs LUKS vs no encryption on the same laptop? I’m particularly interested in power usage numbers.

    Leave a comment:


  • royce
    replied
    Originally posted by kylew77 View Post
    15.6 inch
    Definitely the way to go.

    Leave a comment:


  • kylew77
    replied
    Originally posted by royce View Post
    "Developer" laptops are usually designed by people who haven't written a line of code in their lives, much less tried on tiny 13 or 14" screens.
    I agree. My work laptop is a 13 inch MacBook Pro 2019 model, thank God I have an ultrawide to connect to for more screen real estate. My former co-worker who was good friends with the boss who have both since left got a 15.6 inch ThinkPad P series workstation!

    Leave a comment:


  • royce
    replied
    "Developer" laptops are usually designed by people who haven't written a line of code in their lives, much less tried on tiny 13 or 14" screens.

    Leave a comment:


  • Paradigm Shifter
    replied
    On any system or portable disk that can easily be misappropriated (or lost) encryption just makes sense. In fact, where I work have become extraordinarily fussy about it; although then they simultaneously tell you to use G-Suite to share files, and G-Suite won't allow me to share a file I've compressed and passworded with a coworker... so, yeah.

    That said, how many stories over the years have been reported of Govt. Worker X losing unencrypted memory stick/disk/laptop [delete as appropriate] by leaving it on a train/stolen from a car/in a bar/at mistresses apartment/losing when drunk [delete as appropriate]? And they tend to contain things like names, address, DOBs, SSNs... all the stuff needed to really cause someone grief. Now, given the push for biometric ID everywhere, follow my train of thought...

    I'm really surprised how little impact FDE has for most things.

    Leave a comment:


  • linner
    replied
    It doesn't look too bad but for some workloads (DB) it seems not great. Which is too bad because I have always used full disk encryption since the loop-aes days many decades ago. It seems crazy not to. If someone breaks in and steals your hardware, you want them to have all your data too?

    My main problem with dm-crypt is that there is something wrong with the IO mechanisms that don't play nice with the normal kernel IO. When reading or writing large amounts of data and/or metadata it can cause the IO subsystem to stall and hang the whole machine. It's been like this for many years. Even reading a bunch of data from only the RAM cache can cause the entire server to freeze for a few minutes (I'm talking about big data machines here, hundreds of gigabytes of RAM and many terabytes and tens of millions of files). Also "ionice" doesn't work because it doesn't affect the dm-crypt kernel threads doing the actual IO.

    Leave a comment:


  • itoffshore
    replied
    Originally posted by Espionage724 View Post
    I haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?
    It's a kernel boot option passed to cryptsetup via cryptdevice

    Leave a comment:


  • S.Pam
    replied
    Originally posted by kiffmet View Post
    Does the PSP/CCP of Ryzen work on mobile devices? Theoretically it could be used as an accelerator for different crypto algorithms. I was pretty much out of luck with the driver claiming "ccp: unable to access the device: you might be running a broken BIOS." on a 3900X and a 5900X w/ the GB X570 Aorus Pro r1.0 with every BIOS up to AGESA 1.2.0.3C
    I've benchmarked the CCP on an API Ryzen 3000G and it works with openssl. Never tried to get it to work with cryptsetup though. The main advantage I see is not always better speed, but that you offload the cpu for other tasks.

    Leave a comment:


  • kylew77
    replied
    Originally posted by Michael View Post

    How it seems to happen is on first boot of the new system to basically trigger the actual OS install with the image on disk.
    Thanks so much Michael for a direct response. Appreciate it sir. Keep up the good work! Next time you run another membership sale I'll probably re-up again. Love reading this website every single day sir.

    Leave a comment:


  • kylew77
    replied
    Originally posted by Espionage724 View Post
    I haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?
    OpenBSD- the security focused *BSD OS- doesn't support Trim on its FFS2 file system nor the FFS1 FS because of this very reason but as I saw a poster comment it only removes plausible deniability that you have an encrypted drive. There is a discussion about this very issue in the last OpenBSD release announcement on Phoronix earlier this year by people way smarter than me: https://www.phoronix.com/scan.php?pa...D-7.1-Released

    Leave a comment:

Working...
X