Announcement

Collapse
No announcement yet.

Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by Termy View Post
    That sounds nice, hopefully it will be mainlined soon™
    My 3800x caps out at around 2.1gb/s. So PCIe4 would be kind of pointless ^^
    Your best approach to NVMe encryption would be to find a drive with hardware encryption that you can trust. Doing it on the drive controller is the best place for it. If only you could be sure it was doing it correctly.

    Comment


    • #22
      Originally posted by Zan Lynx View Post

      Your best approach to NVMe encryption would be to find a drive with hardware encryption that you can trust. Doing it on the drive controller is the best place for it. If only you could be sure it was doing it correctly.
      Not really. The NVMe drives suffer from temp / write throttling and focusing more computation on that tiny area makes the situation worse.

      Comment


      • #23
        Originally posted by caligula View Post

        Not really. The NVMe drives suffer from temp / write throttling and focusing more computation on that tiny area makes the situation worse.
        I'm not sure you're thinking of the same drives that I am. The Pro line of Samsung drives do AES encryption at line speed. As far as I am aware they do this all the time whether or not you configured a key, because this is how they implement Secure Erase. That command randomizes the key and applies TRIM to the entire drive. It's done instantly and no writes are required.

        Datacenter NVMe drives are not tiny little M.2 drives with heat problems. They are long slab hotswap cards, usually wired up with U.2. They don't have heat problems.

        Pretty much the only NVMe drives with problems are these first-gen PCIe 4.0 drives because they're all based on overclocked PCIe 3 controllers. Then shoved into a tiny space with no fan under the GPU.

        Comment


        • #24
          Originally posted by anarki2 View Post
          "Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.
          cloudflare doesn't compile linux kernels, it just passes data between storage and network card. i.e. it is "do nothing" vs "decrypt"
          in their test fde reduced throughput from 1126 MB/s to 147 MB/s which is several times more than "halves"
          Last edited by pal666; 29 March 2020, 07:51 AM.

          Comment

          Working...
          X