General performance optimizations - fast LUKS | best practice?

Dear Community,
I have been researching the topic of performance and encryption for the last few days. The impetus was that I wanted to speed up decryption when starting the laptop.
In the end, I also got stuck in the archwiki performance optimisation guide and now have a few questions that I could not clarify for myself.

  1. Speed up LUKS
    I found this thread where @dalto describes that grub cannot use acceleration when decrypting if /boot is encrypted.
    So far so good.
    I subsequently researched the consequences of a non-encrypted /boot.
    The bottom line seems to be that it is not a big deal to use unencrypted /boot if you only want to protect yourself against casual thieves or nosy people with M2-USB adapters.

If I accept the lower security of unencrypted /boot, what would be the procedure for installing EOS with the rest being encrypted?

Is there now a completely different, more elegant solution?

  2. Speed up boot
    Is there any boost - especially in boot performance - to be expected by switching from grub to systemd boot?
    The “btrfs snapshot available at grub” thing is quite nice, but honestly I never had to use it.

  3. I already turned off the exploit mitigations and this gave a really noticeable boost in normal workflow. (See these benchmarks, especially with my 8th gen intel)

Thank you very much! :heart:

inxi -Fz

[jannisf@t480s ~]$ inxi -Fz
System:
Kernel: 6.4.11-arch2-1 arch: x86_64 bits: 64 Desktop: KDE Plasma v: 5.27.7
Distro: EndeavourOS
Machine:
Type: Laptop System: LENOVO product: 20L8S9GC00 v: ThinkPad T480s
serial:
Mobo: LENOVO model: 20L8S9GC00 v: SDK0J40697 WIN
serial: UEFI: LENOVO v: N22ET75W (1.52 )
date: 09/28/2022
Battery:
ID-1: BAT0 charge: 51.0 Wh (100.0%) condition: 51.0/57.0 Wh (89.6%)
CPU:
Info: quad core model: Intel Core i5-8350U bits: 64 type: MT MCP cache:
L2: 1024 KiB
Speed (MHz): avg: 1636 min/max: 400/3600 cores: 1: 1129 2: 1900 3: 1900
4: 1900 5: 1900 6: 1900 7: 563 8: 1900
Graphics:
Device-1: Intel UHD Graphics 620 driver: i915 v: kernel
Device-2: Chicony Integrated Camera (1280x720@30) driver: uvcvideo
type: USB
Display: wayland server: X.org v: 1.21.1.8 with: Xwayland v: 23.2.0
compositor: kwin_wayland driver: X: loaded: intel unloaded: modesetting
dri: i965 gpu: i915 resolution: 2560x1440
API: OpenGL v: 4.6 Mesa 23.1.6 renderer: Mesa Intel UHD Graphics 620 (KBL
GT2)
Audio:
Device-1: Intel Sunrise Point-LP HD Audio driver: snd_hda_intel
Device-2: Lenovo ThinkPad Thunderbolt 3 Dock Audio
driver: hid-generic,snd-usb-audio,usbhid type: USB
API: ALSA v: k6.4.11-arch2-1 status: kernel-api
Server-1: PipeWire v: 0.3.77 status: active
Network:
Device-1: Intel Ethernet I219-LM driver: e1000e
IF: enp0s31f6 state: down mac:
Device-2: Intel Wireless 8265 / 8275 driver: iwlwifi
IF: wlan0 state: up mac:
Device-3: Lenovo ThinkPad TBT3 LAN driver: r8152 type: USB
IF: enp11s0u1 state: down mac:
Bluetooth:
Device-1: Intel Bluetooth wireless interface driver: btusb type: USB
Report: btmgmt ID: hci0 state: up address: bt-v: 4.2
Drives:
Local Storage: total: 476.95 GiB used: 133.33 GiB (28.0%)
ID-1: /dev/nvme0n1 vendor: Western Digital model: PC SN520
SDAPMUW-256G-1101 size: 238.47 GiB
ID-2: /dev/nvme1n1 vendor: Lenovo model: LENSE30256GMSP34MEAT3TA
size: 238.47 GiB
Partition:
ID-1: / size: 238.08 GiB used: 133.33 GiB (56.0%) fs: btrfs dev: /dev/dm-0
ID-2: /boot/efi size: 399.2 MiB used: 1.1 MiB (0.3%) fs: vfat
dev: /dev/nvme1n1p1
ID-3: /home size: 238.08 GiB used: 133.33 GiB (56.0%) fs: btrfs
dev: /dev/dm-0
ID-4: /var/log size: 238.08 GiB used: 133.33 GiB (56.0%) fs: btrfs
dev: /dev/dm-0
Swap:
ID-1: swap-1 type: file size: 11 GiB used: 65 MiB (0.6%)
file: /swap/swapfile
Sensors:
System Temperatures: cpu: 43.0 C pch: 40.0 C mobo: N/A
Fan Speeds (rpm): fan-1: 0
Info:
Processes: 228 Uptime: 23m Memory: total: 8 GiB note: est.
available: 7.51 GiB used: 2.91 GiB (38.7%) Shell: Bash inxi: 3.3.29

IMO, the downside is not security related. It is the ability to easily restore snapshots via Timeshift or btrfs. If you don’t need that specific functionality, it shouldn’t be a problem.

There are options here:

  • The easiest solution would be to choose systemd-boot instead of grub. This will move your kernel and boot images to the ESP which is not encrypted.
  • If you prefer grub, you can also use manual partitioning and create a small ext4 partition for /boot.

Alternatively, if your current ESP is big enough, you can avoid re-installation by mounting it on /boot in your current install.

Yes, systemd-boot is faster. However, if it is materially faster is down to personal considerations. Some people care about every millisecond in their boot time while others wouldn’t notice their boot time increasing by a second or two.

In my experience it is faster but, excluding decryption, it is less than a second faster. Other people have reported different numbers so it is likely dependent on the specifics of your system.


Thank you for your reply!

Do you have experience with Data-at-rest encryption with LUKS?

As I understand it, you would only need to enter a password once. That would speed up the boot process too.

Did I understand that correctly?

The tutorials for setting this seem quite complicated. :smiling_face_with_tear:

Using TPM for unlocking? That means that you will not need a password anymore.

The value in that is that if the storage is ever separated from the PC, it cannot be unlocked. However, if someone has the PC, it is unlocked automatically.

For most consumer use cases, this is the opposite of what you want.

But can’t you make it so that a password has to be entered to get the key out?

So, in operation, something like Bitlocker in Windows?

Note: As of systemd 251 it is now possible to require a PIN to be entered in addition to the TPM state being correct. Simply add the option --tpm2-with-pin=yes to the command above and enter the PIN when prompted.

You probably can but that is not what the article you linked does.

So a “bitlocker like” experience is nothing a newbie user could achieve atm?

Edit:
You know what?
I’ll just try the TPM pin variant and see if I can get it set up. :cowboy_hat_face:

Thank you very much!
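Two checks come up in this thread before anyone touches the setup: whether /boot currently sits on the LUKS mapping (the grub-decrypts-/boot situation from the first post and dalto's systemd-boot / separate ext4 /boot answer), and whether the installed systemd is new enough for the `--tpm2-with-pin=yes` option quoted from the wiki. The script below is an added example, not code from anyone in the thread or from the Arch wiki. It assumes an Arch-based system with a systemd-based initramfs (mkinitcpio `systemd` + `sd-encrypt` hooks); the LUKS partition path `/dev/nvme1n1p2` is a placeholder, and the `--check` / `--apply` switches are this script's own. The TPM2+PIN enrollment command itself is only run with `--apply`; everything else is read-only.

```shell
#!/bin/sh
# Added example: pre-flight checks and the enrollment step for unlocking a
# LUKS2 volume with TPM2 + PIN via systemd-cryptenroll (not from the thread).
# LUKS_DEV is a placeholder; replace it with your own LUKS2 partition.
LUKS_DEV="${LUKS_DEV:-/dev/nvme1n1p2}"

# Returns 0 if the version string printed by `systemctl --version` (first line
# looks like "systemd 254 (254.1-1-arch)") is 251 or newer, the first release
# that accepts --tpm2-with-pin=yes.
systemd_supports_tpm2_pin() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] && [ "$ver" -ge 251 ]
}

# Returns 0 if a TPM2 resource-manager device is visible to the kernel.
tpm2_present() {
    [ -c "${1:-/dev/tpmrm0}" ]
}

# Takes "TARGET SOURCE" lines (as from `findmnt -rno TARGET,SOURCE`) and
# returns 0 if /boot lives on a dm-crypt mapping. If /boot is not a separate
# mount it inherits the source of /, which is the case grub has to decrypt.
boot_on_encrypted_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "/boot" { b = $2 }
        $1 == "/"     { r = $2 }
        END {
            src = (b != "" ? b : r)
            exit !(src ~ /^\/dev\/(dm-|mapper\/)/)
        }'
}

# Enroll a TPM2-bound key that additionally requires a PIN at boot. PCR 7
# (Secure Boot policy) is systemd-cryptenroll's default binding, so the key is
# released only with the expected Secure Boot state *and* the correct PIN.
enroll_tpm2_pin() {
    systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=yes "$1"
}

run_checks() {
    if systemd_supports_tpm2_pin "$(systemctl --version 2>/dev/null)"; then
        echo "systemd >= 251: --tpm2-with-pin=yes is available"
    else
        echo "systemd too old (or not found) for --tpm2-with-pin=yes"
    fi
    if tpm2_present; then echo "TPM2 device found"; else echo "no TPM2 device"; fi
    if boot_on_encrypted_dev "$(findmnt -rno TARGET,SOURCE 2>/dev/null)"; then
        echo "/boot is on the LUKS mapping: grub decrypts it without acceleration"
    else
        echo "/boot is on an unencrypted partition"
    fi
}

case "${1:-}" in
    --check) run_checks ;;
    --apply)
        enroll_tpm2_pin "$LUKS_DEV"
        echo "Now make sure /etc/crypttab.initramfs has 'tpm2-device=auto' for"
        echo "$LUKS_DEV and that mkinitcpio uses the systemd and sd-encrypt hooks,"
        echo "then regenerate the initramfs."
        ;;
    *) echo "usage: $0 --check | --apply" ;;
esac
```

Run `--check` first; it only reads `systemctl --version`, `/dev/tpmrm0` and the mount table. Keep the existing passphrase key slot after enrollment so the volume stays recoverable if the TPM state changes (a firmware update altering PCR 7, or the disk moved to another machine).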
