FSVERITY/DM-Verity Can Yield Much Better Performance With Multi-Buffer Hashing

Written by Michael Larabel in Linux Storage on 2 May 2024 at 12:00 AM EDT. 1 Comment
In addition to recently working out AES-XTS implementations for AVX2, AVX-512, and other versions for speeding up disk/file encryption, Google's Eric Biggers has additionally been working on some nice performance improvements for the Linux kernel's DM-Verity code.

DM-Verity as a reminder is the Device Mapper means of providing transparent integrity checking of block devices using a cryptographic digest. With the pending code by Eric Biggers, there is improved performance coming by making use of multi-buffer hashing. He explained in this patch culminating the series:
"When supported by the hash algorithm, use crypto_shash_finup2x() to interleave the hashing of pairs of data blocks. On some CPUs this nearly doubles hashing performance. The increase in overall throughput of cold-cache dm-verity reads that I'm seeing on arm64 and x86_64 is roughly 35% (though this metric is hard to measure as it jumps around a lot)."

There's also a patch for FSVERITY to provide a similar performance benefit for file-based authenticity protection.

Quite a nice improvement coming to a kernel near you for those making use of DM-Verity and/or FSVERITY.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week