Ubuntu 9.04 Home Encryption Performance
One of the exciting features that is being worked on for Ubuntu 9.04 is encrypted home directories. What this means is that at install-time for either the LiveCD or server installation (or at a point later on when creating additional user accounts), the administrator can opt to have the user's home directory encrypted. This is a step-down from the Ubuntu 7.10 install-time encryption that would encrypt the entire hard drive and just not the user's home directory, but alas, that comes with performance consequences. At the request of Canonical, we have carried out a few benchmarks showing what effect the Ubuntu 9.04 home encryption feature has on the system's overall performance.
The home encryption feature in Ubuntu 9.04 is relying upon a modified adduser package and eCryptfs, for doing much of the legwork. When the encrypted user logs-in, the encrypted file-system will automatically mount and then unmount upon log-out. While this isn't quite as advanced as encrypting the entire hard drive, this is a much better implementation than just giving the user a ~/Private folder that is encrypted. What isn't provided at this time though is any utility to migrate a non-encrypted account to encrypted. Canonical's Dustin Kirkland is largely responsible for this work. He has been working on this feature in his Personal Package Archive, but over the weekend, an updated version of adduser was accepted into Ubuntu Jaunty that supports the --encrypt-home option.
For our testing we were using a development build of Ubuntu 9.04 with all updates as of December 3rd and all of Dustin's PPA packages from the same date. This was done after a clean install of Ubuntu. The kernel being used was still Linux 2.6.27-7, GNOME 2.24.1 was in use, X Server 1.5.3, and GCC 4.3.3. This was atop the default EXT3 file-system. IcedTea 6b13~pre1-0ubuntu4 was in use for providing the Java support.
The test system this time around consisted of an AMD Phenom 9500 quad-core, ECS A790GXM-A, 2GB of OCZ Reaper DDR2-800 memory, and a Seagate 160GB ST3160812AS SATA HDD. The integrated ATI Radeon HD 3300 graphics found on this motherboard were in use.
To run our benchmarks we used Phoronix Test Suite 1.6.0 Alpha 2 with the timed ImageMagick compilation, timed Apache compilation, Parallel BZIP2 compression, LAME MP3 encoding, FFmpeg, GnuPG, Sunflow Rendering System, Bork File Encrypter, and IOzone tests. With the Phoronix Test Suite, all tests by default are installed within ~/.phoronix-test-suite/ therefore, they are all prone to testing the encrypted home functionality.