LUKS encryption is super slow

Just curious on why EOS encryption method is super slow compare to archinstall script ?

My system literally takes good 5-15 secs extra each time I boot.

Just wanted to know if others even bother with encryption ?

Thanks

Are you using grub? Grub does the decryption without any hardware acceleration so it is very slow.

If you are using grub in both places, archinstall is possibly mounting the ESP on /boot so the images aren’t encrypted?

Yes using grub as I have grub-BTRFS package and from what I last read systemd boot doesn’t offer ability to boot into BTRFS snapshots?

I believe archinstall shows encryption screen after grub screen appears and same with Debian 12 install. Both relatively fast compared to EOS method.

Yes, that means that /boot is unencrypted.

If you use grub-btrfs that approach is problematic. If you try to boot or restore a snapshot from before a kernel update, you won’t be able to.

So an alternative would be to use systemd for speed/performance and use tty to restore snapshot in case since there is no systemd BTRFS support yet.

Thanks for the info

Systemd-boot is so much faster than grub with encryption enabled​:star_struck:

I think for BTRFS restore will have to be either from a running system or using the tty

I use systemd w/luks, and it s slow as f*&%. A while back I was told that grub was a faster boot than systemd. Now I don t know what to think.

grub is not faster than systemd-boot. I have never even seen anyone claim that.

Well I do not understand your previous comment then. Maybe you were being facetious?

Oh wait. That was not your comment. Sorry.

Either way it is the same, right?

“grub is not faster than systemd-boot” and “Systemd-boot is so much faster than grub” are not contradictory.

My system just hangs for good 10-15 sec when I had grub. I am using T480 Thinkpad i5 and 16GB ram.

These are different disks/encrypted volumes made by different installers(?), because the time can vary significantly by algorithm and settings for decrypting the initial password.

More time being a desired feature here because it makes it harder to crack the password.

My guess would be that the different installers have different LUKS defaults. You can compare the key-slots with # cryptsetup luksDump /dev/<luks device>

PS: Everything is encrypted here. For me there has to be a very specific reason to leave any storage unencrypted.

1 Like

Agreed. But someone, (that I can t find now,) on this forum told me grub was faster. At-any-rate, how do I tell which is booting my system? I run:

$ efibootmgr
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001
Boot0001* endeavouros HD(1,GPT,be40b7d4-25e1-7b4f-86df-98d721597997,0x1000,0x1f4000)/\EFI\endeavouros\grubx64.efi

I think that s telling me it s booting with grub. If not how do I tell?