As you can format a LUKS volume with any filesystem you want, are certain filesystems better-suited to IO performance against an encrypted filesystem? Specifically, I'm wondering about a loop device with a file sitting on an ext4
partition. As all data written to the filesystem is encrypted, do certain filesystems write less metadata or write it more efficiently? Would zfs
or ext2
/ ext3
perform better than ext4
on an encrypted loopback filesystem?
I've been running LUKS encrypted filesystems for over a decade, with ext2/3/4, XFS, ZFS and maybe some other filesystems I've forgotten about. While I don't have any benchmarks handy, I do have a few notes to share:
The only real performance issue you have with LUKS is the encryption and decryption itself. This introduces some latency to the process and has the potential to make disk I/O CPU-bound. On older systems without hardware AES acceleration on-chip, this was a significant issue. Today, as long as you have AES-NI in your processor and a kernel from this decade, it's almost unnoticeable for moderate workloads. Better still if you have a recent (3.x+?) kernel which can do crypto in multiple kernel threads.