On Mon, May 18, 2020 at 06:21:10PM -0400, Mouse wrote: > >> Always encrypted swap would be even better but ... slow machines. > > Compared to the time required to put the pages out to disk? > > That comparison is relevant only if the system has nothing better to do > than wait for the page out/in. A few systems probably don't. Most, I > suspect, do, and if there _is_ something else the CPU could usefully be > doing, I suspect spending the (scarce) cycles there is preferable. > > At least for most systems. There certainly is a place for allowing the > admin to insist on encrypted swap even on slow machines.
I agree with both. Leave it an admin decision (and maybe default to "encrypt"). Also assume that it is possible to complete enough of /etc/rc.d without any swapping ;-} so a simple setting in /etc/sysctl.conf will do. I can run tests on slow + small memory machines (but not really sure what a good test would be - maybe compiling a few things with MAKE_JOBS >= 2 from pkgsrc?). Martin