How Slow is Lion's File Vault 2?
Mac OS X 10.7 Lion introduced File Vault 2, a whole-partition encryption scheme. Depending on your disk and CPU, encryption may cause a significant performance hit.
Here’s how to compare the speed of disk access once you have enabled encryption with the speed without encryption.
Note: We will use `dd`, a tool well known to any command line geek as potentially extremely dangerous. Make sure to identify the disks you are operating on properly, and especially make sure that you have exactly one parameter `of` and that it looks like this: `of=/dev/null`. Be sure to have a full, complete, and working backup of your entire disk, not just the most important documents. A typo can and will destroy all your data in a split second. In the following, make sure to disconnect any and all disks except your main OS X Lion system disk. Then reboot.
With that out of the way, let’s get to work.
First, verify that your physical hard drive is `disk0` and the decrypted volume is `disk1`:

```
% diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *250.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:          Apple_CoreStorage                         249.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS macosx                 *248.9 GB   disk1
```
As you can see, there are two disks, `disk0` and `disk1`. In my case, `disk1` is called “macosx” and it is my Lion system disk. However, it is not a physical disk but rather the decrypted volume hosted in the physical `Apple_CoreStorage` partition of `disk0`, referred to as `disk0s2`.
To verify that `disk1` is in fact mounted as the root file system, run `mount`:

```
% mount
/dev/disk1 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
```
Further, to see that `disk1` is indeed a core storage logical volume, run `diskutil cs info disk1`:

```
% diskutil cs info disk1
Core Storage Properties:
   Role:                       Logical Volume (LV)
   UUID:                       XXXXXXXX-392A-46F8-8BA0-YYYYYYYYYYYY
   Parent LVF UUID:            XXXXXXXX-45EC-437E-9085-YYYYYYYYYYYY
   Parent LVG UUID:            XXXXXXXX-6AA4-485F-B946-YYYYYYYYYYYY
   Device Identifier:          disk1
   LV Status:                  Online
   Conversion Status:          Complete
   Content Hint:               Apple_HFS
   LV Name:                    macosx
   Volume Name:                macosx
   LV Size:                    248880820224 B
```
Now let us run some read tests on the physical disk, identified as `/dev/rdisk0`. Note that writing just a few bytes to this device may render your entire disk un-decryptable.

First, become root, then run the following command: `time dd if=/dev/rdisk0 of=/dev/null bs=4k count=262144`. This reads 1GiB from the raw disk and discards it (`of=/dev/null`), using a block size of 4kiB. (If you don’t know how to become root, this hint is not for you.)

```
# time dd if=/dev/rdisk0 of=/dev/null bs=4k count=262144
262144+0 records in
262144+0 records out
1073741824 bytes transferred in 100.246021 secs (10711067 bytes/sec)
dd if=/dev/rdisk0 of=/dev/null bs=4k count=262144  0.58s user 15.18s system 15% cpu 1:40.25 total
```
As you can see, `dd` reports “10711067 bytes/sec”. Obviously, the disk is limited by the number of I/O operations it can perform per second. Let’s compare this with 64kiB blocks by running `time dd if=/dev/rdisk0 of=/dev/null bs=64k count=32768`:

```
# time dd if=/dev/rdisk0 of=/dev/null bs=64k count=32768
32768+0 records in
32768+0 records out
2147483648 bytes transferred in 34.796618 secs (61715298 bytes/sec)
dd if=/dev/rdisk0 of=/dev/null bs=64k count=32768  0.08s user 2.38s system 7% cpu 34.800 total
```
Now we pretty much observe the raw read rate, which `dd` reports as “61715298 bytes/sec”.
For comparison, run the same tests on `disk1`, the decrypted system disk.

Run the following command: `time dd if=/dev/rdisk1 of=/dev/null bs=4k count=262144`, now reading 1GiB of data from the decrypted disk in 4kiB blocks:

```
# time dd if=/dev/rdisk1 of=/dev/null bs=4k count=262144
262144+0 records in
262144+0 records out
1073741824 bytes transferred in 116.546454 secs (9212994 bytes/sec)
dd if=/dev/rdisk1 of=/dev/null bs=4k count=262144  0.79s user 17.89s system 16% cpu 1:56.55 total
```
Then, again for 64kiB block size, run `time dd if=/dev/rdisk1 of=/dev/null bs=64k count=32768`:

```
# time dd if=/dev/rdisk1 of=/dev/null bs=64k count=32768
32768+0 records in
32768+0 records out
2147483648 bytes transferred in 42.686829 secs (50307875 bytes/sec)
dd if=/dev/rdisk1 of=/dev/null bs=64k count=32768  0.03s user 1.03s system 2% cpu 42.690 total
```
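To turn the four runs above into a single overhead figure per block size, the following added example (not part of the original post) parses OS X `dd` summary lines and computes how much read throughput is lost on the decrypted volume. The function names `dd_rate`, `overhead_pct` and `compare` are made up for this illustration; the sample lines are the summaries shown above.

```shell
#!/bin/sh
# Added example: quantify the File Vault 2 read overhead from the
# "bytes transferred" summary lines printed by OS X (BSD) dd.

# dd_rate: read dd output on stdin and print the reported bytes/sec.
# Exits 1 if no summary line is found, e.g. dd aborted or the output
# comes from GNU dd, which uses a different summary format.
dd_rate() {
    awk '/ bytes transferred in / && $8 == "bytes/sec)" {
             rate = $7; gsub(/[^0-9]/, "", rate)   # "(10711067" -> "10711067"
             print rate; found = 1; exit
         }
         END { exit (found ? 0 : 1) }'
}

# overhead_pct RAW ENC: percentage of the raw-disk throughput that is
# lost when reading through the decrypted logical volume.
overhead_pct() {
    awk -v raw="$1" -v enc="$2" 'BEGIN {
        if (raw + 0 <= 0) exit 1
        printf "%.1f\n", (raw - enc) * 100 / raw
    }'
}

# compare LABEL RAW_LINE ENC_LINE: print one report row for a block size.
compare() {
    raw=$(printf '%s\n' "$2" | dd_rate) || return 1
    enc=$(printf '%s\n' "$3" | dd_rate) || return 1
    printf '%-4s raw=%s B/s  decrypted=%s B/s  overhead=%s%%\n' \
        "$1" "$raw" "$enc" "$(overhead_pct "$raw" "$enc")"
}

# Summary lines copied from the four runs in this post.
RAW_4K='1073741824 bytes transferred in 100.246021 secs (10711067 bytes/sec)'
ENC_4K='1073741824 bytes transferred in 116.546454 secs (9212994 bytes/sec)'
RAW_64K='2147483648 bytes transferred in 34.796618 secs (61715298 bytes/sec)'
ENC_64K='2147483648 bytes transferred in 42.686829 secs (50307875 bytes/sec)'

compare 4k  "$RAW_4K"  "$ENC_4K"
compare 64k "$RAW_64K" "$ENC_64K"
```

On a live run, `dd` writes its summary to standard error, so feed the parser with `dd if=... of=/dev/null bs=... count=... 2>&1 | dd_rate`.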