On Sun, May 17, 2015 at 12:20:52AM +0200, Fredrik Alm wrote: > I’ve seen a few “whole disk encryption” tutorials which puts the swap outside > of the partition used for the softraid encryption, since openbsd already > encrypts the swap partition anyway. I assume that by putting the swap inside > the encrypted partition, there will be performance penalties because > encryption is done twice? could someone shed a little light on this issue?
Keeping swap on the same disk as the root filesystem has some advantages. For historical reasons the system expects this in various places. More things (such as hibernate) will work out of the box this way. If you really need to avoid a performance hit on swap, I'd recommend you add more memory to the system. If that's impossible you can add an additional swap device from a non-softraid part of the disk and set it to higher priority than the default swap. See swapctl(8). The result could look something like this (sd2 being softraid crypto, sd0 being a swap partiion on bare disk): $ swapctl Device 512-blocks Used Avail Capacity Priority /dev/sd0b 16783136 0 16783136 0% 0 /dev/sd2b 16771863 0 16771863 0% 1 Total 33554999 0 33554999 0% Also note that if your machine suports aesni (AES cpu feature flag in dmesg) softraid encryption overhead is reduced by hardware crypto.
