this belongs on the list... On Sat, Dec 01, 2007 at 12:47:05PM +0100, Andrew Henry wrote: > Andrew Sackville-West wrote: > > nice guide. it was definitely part of my list of open tabs when I was > > setting up my encrypted laptop. He's got some other good ones there as > > well. > > > > A > > > Somethings broken :(
:( > > I followed the guide to the letter, and it all seemed to work > wonderfully. Then the pain began when I started to move my files back > to the encrypted volume. What a performance killer! It's eating 90% > CPU and it takes *forever*, because it keeps 'hanging'. If I switch > focus to another window, then kcryptd/0 and kjournald stop working (they > are the processes taking 90%). If I shut laptop lid (set to blank > screen) then they stop working. If the screensaver activates, then they > stop working. When they stop (zero percent CPU) then the disk activity > stops as well. > I've not seen this and my whole laptop is encrypted. > When I run scp from a ethernet attached laptop then scp says: > > ubuntu-7.10-alternate-amd64.iso 86% 684MB 2.9MB/s > -stalled- > > and as you can see by the transfer rate, it is nowhere near the 11MB/s I > was getting consistently before encrypting. > > Is this normal write performance? I honestly don't know. There *has* to be some performance hit because the data gets mangled before hitting the disk. I don't *notice* any performance hit on my laptop. I'm not in a position at the moment to compare in the same way as you, but I did capture some speeds during my setup. When I was wiping the encrypted partition during setup, I got between 26 and 36 MB/s writing depending on where on the disk I was. So I'd say what you're seeing is not typical. Note that I'm on a pretty new laptop with halfway decent specs. > Can the "terminal loses focus: copy > suspends" behaviour be fixed? I have not tested read performance yet, > but I expect and hope that it will be more normal. I would say you've got something messed up there. Just a quick run-down of what I've done: 1. modprobe dm_crypt sha256 aes_i586. confirmed it worked by ls -l /dev/mapper/control 2. create the encrypted partition: cryptsetup -c aes-cbc-essiv:sha256 -y luksFormat /dev/<encrypted-part> 3. map it to a /dev/mapper/volume: cryptsetup luksOpen /dev/<encrypted-part> crypt-part 4. create a filesystem on /dev/mapper/crypt-part and away you go. this is all on sid, BTW. hth A
signature.asc
Description: Digital signature
