cryptsetup benchmark is a memory based test to compare different algorithms on your CPU. No disk I/O. Is your storage read/write speed so high that you could notice the difference in daily use? The real world average read/write speed you see without using encryption.
I see similar difference on a Zen 4 CPU with kernel 6.6.1. Including 512b because that's what you'd use in the real world.
Code: Select all
Encryption | mitigations off | mitigations on | difference
-------------+-----------------+----------------+------------
aes-xts 256b | 6791 MiB/s | 4508 MiB/s | -33.6%
aes-xts 512b | 5622 MiB/s | 4174 MiB/s | -25.8%
Decryption | mitigations off | mitigations on | difference
-------------+-----------------+----------------+------------
aes-xts 256b | 6701 MiB/s | 4484 MiB/s | -33.1%
aes-xts 512b | 5552 MiB/s | 4111 MiB/s | -26.0%
The impact is a little less bad with 512b, but yeah the latest CPU bug mitigations hurt. Well not really bugs probably — both Intel and AMD keep getting in the dirt because they're hoping they can safely take corners at extreme speeds without placing guard rails
I think you can selectively toggle each mitigation
https://docs.kernel.org/admin-guide/ker ... eters.html so it may be possible to just toggle the latest mitigation off and leave the rest on and see much smaller impact. (
lscpu also shows vulnerabilities and mitigations.)
Theoretically my SSD could read/write a bit faster than the numbers above, regardless of mitigations being on, but I don't trust the advertised "up to" read/write speeds to apply to my daily use
That's probably at high queue depth which I just don't have the workload for.
In short, I'm leaving mitigations on.
