The Cost Of Ubuntu Disk Encryption
It's been a while since last running any Ubuntu Linux disk encryption benchmarks, but thanks to recent encryption improvements within the upstream Linux ecosystem, it's time to deliver some new Linux disk encryption benchmarks. In this article are results comparing Ubuntu 13.04 without any form of disk encryption to using the home directory encryption feature (eCryptfs-based) and full-disk encryption (using LUKS with an encrypted LVM).
Linux disk encryption continues to improve thanks to modern Intel and AMD processors supporting AES-NI, which is an instruction set extension to better accelerate AES encryption on the processor. Both methods of disk encryption exposed via the Ubuntu Linux installer support automatically taking advantage of AES-NI on supported hardware. The benchmarks in this article were done from an AMD FX-8350 "Vishera" (Bulldozer 2) CPU that does support AES-NI and the disk drive used was a 60GB OCZ Vertex 2 solid-state drive.
Both the eCryptfs home directory encryption and full-disk encryption can be easily setup through Ubuntu's Ubiquity installer as well as through the alternate installer interface for servers. Regardless of the performance impact, I continue to recommend (and personally use) full-disk encryption for all production mobile systems to mitigate security risk.
Aside from looking at the disk performance itself, the Phoronix Test Suite benchmarking software also monitored the CPU usage in real-time via setting the MONITOR=cpu.usage environment variable prior to test execution.