For any Linux laptop users or those concerned about their data's safety on production systems, I highly recommend utilizing disk encryption for safeguarding the data. However, what's the performance impact like these days? In this article with the current development snapshot of Ubuntu 14.04 LTS on a modern Intel ultrabook we're looking at the impact (including CPU utilization) of using an eCryptfs-based home directory encryption and LUKS-based full-disk encryption on Ubuntu Linux.
There have been many Phoronix articles over the years looking at disk encryption performance on Linux. With time the cost of using disk encryption has lowered with modern CPUs and encryption implementations supporting AES-NI plus modern systems being faster so the overhead of encrypting the disk is lessened. For our first disk encryption tests of Ubuntu 14.04, which is an important release given that it is a Long-Term Support release and will end up on enterprise systems where encryption is often mandated, we're looking at the disk encryption costs from an Intel ultrabook.
The ultrabook used for this testing was an ASUS Zenbook Prime UX32VDA. This 2013 ASUS Zenbook model features an Intel Core i7 3517U (Ivy Bridge) processor with 4GB of RAM and dual 128GB SanDisk SSDs, but for this article only one of the solid-state drives was used. On the Ubuntu side was a clean 14.04 daily snapshot install using the Linux 3.13.0-16-generic x86_64 kernel.
Besides testing the Ubuntu 14.04 LTS install with its stock install options (no disk encryption), we also tested it with the full disk-encryption method using LUKS on LVM. On modern versions of Ubuntu Linux the option to do the full-disk encryption using LUKS on LVM is provided from the standard Ubiquity LiveCD-based installer and you no longer have to use any alternate CD for having easy access to this option.
The other option that was tested following another clean install on the Zenbook ultrabook was the eCryptfs-based home directory encryption. With this option eCryptfs is used to encrypt the home directory but only the home directory and not the rest of the file-system or temporary storage area. In general, I personally always go for full-disk encryption regardless of the associated performance penalties.