* AES Encryption information
@ 2010-07-06 18:13 ReehanAhmedKhan I L
2010-07-06 18:52 ` Jeremy Fitzhardinge
0 siblings, 1 reply; 4+ messages in thread
From: ReehanAhmedKhan I L @ 2010-07-06 18:13 UTC (permalink / raw)
To: xen-devel
Hi All,
On creating a fully encrypted para-virtualised Xen guest system, is all the
data stored on the hard-disk fully encrypted? If so, when is the encryption
done?
The shared memory is used to communicate between dom0 and domU. Is the
encryption done before data is put in the shared memory?
Does not the whole encryption procedure slow down the system?
--
Reehan Ahmed Khan IL
MT-2009046
+91-9342736116
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
* Re: AES Encryption information
2010-07-06 18:13 AES Encryption information ReehanAhmedKhan I L
@ 2010-07-06 18:52 ` Jeremy Fitzhardinge
2010-07-07 11:28 ` Joanna Rutkowska
0 siblings, 1 reply; 4+ messages in thread
From: Jeremy Fitzhardinge @ 2010-07-06 18:52 UTC (permalink / raw)
To: ReehanAhmedKhan I L; +Cc: xen-devel
On 07/06/2010 11:13 AM, ReehanAhmedKhan I L wrote:
> On creating a fully encrypted para-virtualised Xen guest system, is
> all the data stored on the hard-disk fully encrypted? If so, when is
> the encryption done?
> The shared memory is used to communicate between dom0 and domU. Is
> the encryption done before data is put in the shared memory?
> Does not the whole encryption procedure slow down the system?
Xen has no specific support for encrypting disk data. You can use
whatever mechanisms the dom0 and/or domU kernels support. If you're
using Linux, for example, you can configure your setup to encrypt within
the domU so that the dom0 domain only ever sees encrypted data, or you
can encrypt in dom0.
The performance effects really depend on your workload and system, but
my laptop with an encrypted ssd has used 19min 35s for disk encryption
over the last 13 days of uptime.
J
* Re: AES Encryption information
2010-07-06 18:52 ` Jeremy Fitzhardinge
@ 2010-07-07 11:28 ` Joanna Rutkowska
2010-07-07 16:42 ` Jeremy Fitzhardinge
0 siblings, 1 reply; 4+ messages in thread
From: Joanna Rutkowska @ 2010-07-07 11:28 UTC (permalink / raw)
To: xen-devel
On 07/06/10 20:52, Jeremy Fitzhardinge wrote:
> On 07/06/2010 11:13 AM, ReehanAhmedKhan I L wrote:
>> On creating a fully encrypted para-virtualised Xen guest system, is
>> all the data stored on the hard-disk fully encrypted? If so, when is
>> the encryption done?
>> The shared memory is used to communicate between dom0 and domU. Is
>> the encryption done before data is put in the shared memory?
>> Does not the whole encryption procedure slow down the system?
>
> Xen has no specific support for encrypting disk data. You can use
> whatever mechanisms the dom0 and/or domU kernels support. If you're
> using Linux, for example, you can configure your setup to encrypt within
> the domU so that the dom0 domain only ever sees encrypted data, or you
> can encrypt in dom0.
>
> The performance effects really depend on your workload and system, but
> my laptop with an encrypted ssd has used 19min 35s for disk encryption
> over the last 13 days of uptime.
>
I know this is really off-topic, but I'm curious whether you have a Core
i5/i7 processor with an AESNI instruction, and if you have, if you got
the aesni-intel module to work properly with your kernel?
I noticed that using LUKS with a very fast SSD, that normally could have
a read throughput of around 200MB/s, significantly limits the
performance down to around 80-100 MB/s, with the bottleneck being the
kcryptd process eating 100% CPU (core).
joanna.
* Re: AES Encryption information
2010-07-07 11:28 ` Joanna Rutkowska
@ 2010-07-07 16:42 ` Jeremy Fitzhardinge
0 siblings, 0 replies; 4+ messages in thread
From: Jeremy Fitzhardinge @ 2010-07-07 16:42 UTC (permalink / raw)
To: Joanna Rutkowska; +Cc: xen-devel
On 07/07/2010 04:28 AM, Joanna Rutkowska wrote:
> I know this is really off-topic, but I'm curious whether you have a Core
> i5/i7 processor with an AESNI instruction, and if you have, if you got
> the aesni-intel module to work properly with your kernel?
>
> I noticed that using LUKS with a very fast SSD, that normally could have
> a read throughput of around 200MB/s, significantly limits the
> performance down to around 80-100 MB/s, with the bottleneck being the
> kcryptd process eating 100% CPU (core).
>
No, this is a Core2 laptop. I don't do anything intensely IO bound on
it (mostly seek-bound stuff), so I wouldn't notice a kcryptd performance
regression too much. (Or, perhaps to be more accurate, when I switched to
ssd I also added encryption, so the ssd still seems like a marvel of speed
compared to the hdd, even with the overhead.)
J
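An added example, not part of any message in this thread: one way to check the question raised above, whether the CPU advertises AES-NI and whether the kernel crypto API would hand out an aesni_intel-backed AES implementation rather than the generic one. It relies on the crypto API preferring the highest-priority implementation registered under a name; the function names are hypothetical and the /proc/crypto excerpt is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# cpu_has_aesni [FILE]: succeed if a "flags" line lists the aes CPU flag.
cpu_has_aesni() {
    awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "aes") found = 1 }
         END { exit !found }' "${1:-/proc/cpuinfo}"
}

# best_driver ALG [FILE]: print "driver module priority" for the
# highest-priority /proc/crypto entry named ALG; fail if there is none.
best_driver() {
    awk -v alg="$1" '
        function commit() {
            if (name == alg && (best == "" || prio + 0 > bestprio)) {
                best = driver; bestmod = module; bestprio = prio + 0
            }
            name = driver = module = prio = ""
        }
        { key = $1; val = $0; sub(/^[^:]*:[ \t]*/, "", val) }
        key == "name"     { name = val }
        key == "driver"   { driver = val }
        key == "module"   { module = val }
        key == "priority" { prio = val }
        NF == 0           { commit() }   # blank line ends one entry
        END { commit(); if (best == "") exit 1; print best, bestmod, bestprio }
    ' "${2:-/proc/crypto}"
}

# Constructed /proc/crypto excerpt: two implementations registered as "aes".
sample_proc_crypto() {
    cat <<'EOF'
name         : aes
driver       : aes-aesni
module       : aesni_intel
priority     : 300
type         : cipher

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
type         : cipher

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
type         : shash
EOF
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_proc_crypto | best_driver aes -
```

On a live system, call `cpu_has_aesni` and `best_driver aes` with no file argument to read /proc/cpuinfo and /proc/crypto directly.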