Retina Macbook Unencrypted vs Filevault 2 Performance

Discussion in 'MacBook Pro' started by heresjohnny, Jul 12, 2012.

  1. heresjohnny macrumors member

    Joined:
    Mar 20, 2010
    #1
    Hi,

    I always use filevault, and I've seen some people asking around for performance comparions on the rMBP for with filevault vs without.

    I ran xbench before enabling filevault, and then again after. Not the greatest test, but here it is.


    Before:
    Results 469.80
    System Info
    Xbench Version 1.3
    System Version 10.8 (12A269)
    Physical RAM 16384 MB
    Model MacBookPro10,1
    Drive Type APPLE SSD SM512E
    Disk Test 469.80
    Sequential 304.10
    Uncached Write 715.73 439.45 MB/sec [4K blocks]
    Uncached Write 508.93 287.95 MB/sec [256K blocks]
    Uncached Read 122.29 35.79 MB/sec [4K blocks]
    Uncached Read 619.53 311.37 MB/sec [256K blocks]
    Random 1032.24
    Uncached Write 875.78 92.71 MB/sec [4K blocks]
    Uncached Write 787.50 252.11 MB/sec [256K blocks]
    Uncached Read 2190.91 15.53 MB/sec [4K blocks]
    Uncached Read 993.09 184.28 MB/sec [256K blocks]




    After:
    Results 406.87
    System Info
    Xbench Version 1.3
    System Version 10.8 (12A269)
    Physical RAM 16384 MB
    Model MacBookPro10,1
    Drive Type MBP15
    Disk Test 406.87
    Sequential 254.88
    Uncached Write 713.24 437.92 MB/sec [4K blocks]
    Uncached Write 491.16 277.90 MB/sec [256K blocks]
    Uncached Read 93.32 27.31 MB/sec [4K blocks]
    Uncached Read 649.65 326.51 MB/sec [256K blocks]
    Random 1007.89
    Uncached Write 800.64 84.76 MB/sec [4K blocks]
    Uncached Write 829.20 265.46 MB/sec [256K blocks]
    Uncached Read 1812.71 12.85 MB/sec [4K blocks]
    Uncached Read 1039.45 192.88 MB/sec [256K blocks]
     
  2. vanc macrumors 6502

    Joined:
    Nov 21, 2007
    #2
    It's surprisingly fast. I'm now enabling FileVault.

    Intel's CPU supports hardware AES encryption, since Sandy Bridge. That could explain why the performance was so good.
     
  3. Aodhan macrumors regular

    Joined:
    Jun 16, 2012
    #3
    I have always used Filevault and considered it the cornerstone of my security plan. But I have recently read somewhere that unless I shut my machine down completely, Filevault is ineffective. Because I keep my computer in a BookArc in clamshell mode, turning it off would mean pulling it out, opening it up, starting it up, and logging in, and then putting it back in the BookArc. Bit of a hassle. I don't know now what to think about Filevault.

    At least I know now that I am not taking a huge performance hit for having it on, even if it isn't doing me much good.
     
  4. Gregintosh macrumors 68000

    Joined:
    Jan 29, 2008
    Location:
    Chicago
    #4
    Unless you are in some high level position where you are targeted by spies, chances are any would be thieves just want your computer for their own use or resale on eBay/Craigslist.

    FileVault is good at protecting your data from those who would just casually come across your data during the course of such a thing.
     
  5. austinguy23 macrumors 6502a

    Joined:
    Oct 8, 2008
    #5
    Wirelessly posted

    It's true. Any full disk encryption (FDE) software is vulnerable to forensic tools when the computer is in sleep/hibernate mode. This is because the encryption keys can still be accessed when your computer is in that state. For FDE software to function properly, you must fully shut down you computer when not in use. Again, this is true of all FDE software, not just FileVault.
     
  6. TLewis macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #6
    I'm not sure this is true for the rMBP. The attack depends upon an active firewire port during suspend, and the rMBP doesn't have one, except via thunderbolt. Does anyone know if the rMBP thunderbolt-to-firewire port is active during suspend?
     
  7. RabidMacFan macrumors regular

    Joined:
    Jun 19, 2012
    Location:
    California
    #7
    The same attack can be performed against Thunderbolt too, because it has Direct Memory Access just like FireWire. You can disable this and make your machine safer by enabling the EFI Firmware Password on your machine. It also requires you to enter a password before booting up from external drives.

    Another classic attack against encrypted machines is to take out the memory chips and read the data from there. Since the memory is soldered to the motherboard in the rMBP, I guess that rules out that attack.
     
  8. appletechpro macrumors regular

    Joined:
    Jun 26, 2012
    #8
    How would that be possible? RAM contents are volatile.
     
  9. fizzwinkus macrumors 6502a

    Joined:
    Jan 27, 2008
    #9
    freezing the ram chips before removing them gives you enough time to read their state before it decays - ram that is soldered on should defeat this technique.
     
  10. appletechpro macrumors regular

    Joined:
    Jun 26, 2012
    #10
    I don't see that as being practical at all. The only chance the attacker might have was if the system (case and all; RAM chips ready to be plucked) was already open and ready to be shut down by said attacker, in which case they already have the system powered on and in their possession.

    The second the system is powered off, there is a very, very, VERY narrow timeframe for any data whatsoever to be extracted from RAM via freezing it. So basically, if your system is already powered off for even 5 seconds and the attacker gets to it, there's no real chance in hell anything significant shall be recovered.

    Thoughts?
     
  11. theAXEDhead macrumors member

    Joined:
    Jun 25, 2012
    #11
    Excellent details

    Many thanks for taking the time to run these tests and post these details. I for one had these questions. It appears that you saw a 15-16% performance hit, which you guys are finding acceptable. I am looking to implement encryption purely so that I have a secure way to wipe the computer prior to some expected future sale, and I understand on SDDs the only real way to do that is through encryption and removal of the keys.
     
  12. darwinian macrumors 6502a

    darwinian

    Joined:
    Jan 4, 2008
    Location:
    In R4, more or less
    #12
    Thanks for posting this. I am also in the camp that uses FileVault and am perfectly happy with the possibility of a performance tradeoff. I had a slight scare because something about XQuartz/X11 appeared to break around the time of the encryption, so some of the software on which I rely was hopelessly broken. At first I thought it had to do with FileVault, but I was not able to confirm that, and now after reinstating FileVault and reinstalling XQuartz, all is well.
     
  13. RabidMacFan macrumors regular

    Joined:
    Jun 19, 2012
    Location:
    California
    #13
    Maybe it's a fluke, but my flash storage speeds are actually faster with FileVault enabled. rMBP 2.6Ghz / 16Gb / 512 GB Flash

    Without FileVault 2:
    [​IMG]

    With FileVault 2:
    [​IMG]
     
  14. heresjohnny thread starter macrumors member

    Joined:
    Mar 20, 2010
    #14
    Here is the same process, on a new 768MB rMBP. Just figured I'd add more data to the thread.

    BEFORE:
    Results 481.85
    System Info
    Xbench Version 1.3
    System Version 10.8 (12A269)
    Physical RAM 16384 MB
    Model MacBookPro10,1
    Drive Type APPLE SSD SM768E
    Disk Test 481.85
    Sequential 341.32
    Uncached Write 659.55 404.96 MB/sec [4K blocks]
    Uncached Write 506.15 286.38 MB/sec [256K blocks]
    Uncached Read 148.59 43.48 MB/sec [4K blocks]
    Uncached Read 667.88 335.67 MB/sec [256K blocks]
    Random 819.10
    Uncached Write 565.03 59.82 MB/sec [4K blocks]
    Uncached Write 614.50 196.72 MB/sec [256K blocks]
    Uncached Read 2244.54 15.91 MB/sec [4K blocks]
    Uncached Read 960.85 178.29 MB/sec [256K blocks]

    ONE DAY AFTER ENABLING FV2:
    Results 393.59
    System Info
    Xbench Version 1.3
    System Version 10.8 (12A269)
    Physical RAM 16384 MB
    Model MacBookPro10,1
    Drive Type BW15r
    Disk Test 393.59
    Sequential 261.58
    Uncached Write 669.76 411.23 MB/sec [4K blocks]
    Uncached Write 477.97 270.43 MB/sec [256K blocks]
    Uncached Read 98.02 28.69 MB/sec [4K blocks]
    Uncached Read 664.58 334.01 MB/sec [256K blocks]
    Random 794.61
    Uncached Write 563.50 59.65 MB/sec [4K blocks]
    Uncached Write 588.50 188.40 MB/sec [256K blocks]
    Uncached Read 1871.76 13.26 MB/sec [4K blocks]
    Uncached Read 974.85 180.89 MB/sec [256K blocks]
     
  15. oschrenk macrumors newbie

    Joined:
    May 29, 2012
    #15
    How long did it take for the initial encryption of the disk? I am planning to employ FileVault 2 on the 256GB rMBP.
     
  16. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    It will depend on how much data is on the drive. My 2012 MBA 13" encrypted to FV2 with 60GB used in about 45 minutes.

    OP>> Thanks for posting this. Good info.
     
  17. oschrenk macrumors newbie

    Joined:
    May 29, 2012
    #17
    Good to hear. I was hearing number up to 16 hours. As I would encrypt only the base installation of OSX 10.8 it shouldn't take too long.
     
  18. brennj4 macrumors newbie

    Joined:
    Mar 15, 2009
    #18
    The trick I have seen successfully used is using compressed air turned upside down to rapidly bring down the temp of the chips while they are still powered on. The attacker then has approximately 10 seconds to transfer the chips into another machine that will supply power to keep the contents of the memory intact. I agree that it is an implausible attack for the most part, and one that requires a very specific set of circumstances, tools, and skills. With that said though, it is indeed very possible.
     
  19. Samuel Gordon macrumors member

    Joined:
    Aug 29, 2008
    Location:
    Czech Republic
    #19
    Another comparison (MacBook Pro Retina 13" Late 2013 512GB SSD)

    Without FileVault 2:

    Results 887.96
    System Info
    Xbench Version 1.3
    System Version 10.9 (13A2093)
    Physical RAM 8192 MB
    Model MacBookPro11,1
    Drive Type APPLE SSD SM0512F
    Disk Test 887.96
    Sequential 593.16
    Uncached Write 1328.64 815.76 MB/sec [4K blocks]
    Uncached Write 758.86 429.36 MB/sec [256K blocks]
    Uncached Read 286.04 83.71 MB/sec [4K blocks]
    Uncached Read 849.55 426.98 MB/sec [256K blocks]
    Random 1765.33
    Uncached Write 1689.60 178.86 MB/sec [4K blocks]
    Uncached Write 1379.81 441.73 MB/sec [256K blocks]
    Uncached Read 3716.48 26.34 MB/sec [4K blocks]
    Uncached Read 1470.16 272.80 MB/sec [256K blocks]

    With FileVault 2:

    Results 764.05
    System Info
    Xbench Version 1.3
    System Version 10.9 (13A2093)
    Physical RAM 8192 MB
    Model MacBookPro11,1
    Drive Type Macintosh HD
    Disk Test 764.05
    Sequential 478.53
    Uncached Write 1276.63 783.83 MB/sec [4K blocks]
    Uncached Write 739.25 418.27 MB/sec [256K blocks]
    Uncached Read 194.03 56.78 MB/sec [4K blocks]
    Uncached Read 935.42 470.14 MB/sec [256K blocks]
    Random 1894.30
    Uncached Write 2491.38 263.74 MB/sec [4K blocks]
    Uncached Write 1376.54 440.68 MB/sec [256K blocks]
    Uncached Read 3202.83 22.70 MB/sec [4K blocks]
    Uncached Read 1489.14 276.32 MB/sec [256K blocks]
     
  20. benguild, Nov 26, 2013
    Last edited: Nov 26, 2013

    benguild macrumors 6502a

    Joined:
    Jul 29, 2003
    #20
    That's not entirely true.

    http://www.breaknenter.org/projects/inception/#OS_X

    ... I'm assuming that means that one can DMA your computer when it's unlocked, but not while it's asleep since the system is locked. No?


    EDIT:

    Actually, according to this:
    http://security.stackexchange.com/q...levault-2-while-the-computer-is-in-sleep-mode

    I don't understand why this wouldn't be turned on by default? What's the downside? ... I've read from other sources, though, that this command does not work on the rMBP. Maybe because of the SSD, and different sleep/hibernation practices? I haven't been able to verify.
     
  21. interfuse macrumors member

    Joined:
    Dec 18, 2006
    #21
    While FireWire & Thunderbolt provide DMA to your computer, MacBook Air users are totally safe from this attack as MBA's don't have Thunderbolt or FireWire connectivity - only USB, which does not provide DMA (USB connectivity goes via the CPU).


    Aside from the performance hit with disk encryption such as FileVault 2, is there any hit to battery performance considering the CPU & drive is doing more work to access your encrypted data?
     
  22. benguild macrumors 6502a

    Joined:
    Jul 29, 2003
    #22
    MacBook Air does have Thunderbolt. You are mistaken.
     

Share This Page