Diffstat (limited to 'lib/geom/eli/geli.8')
-rw-r--r-- lib/geom/eli/geli.8 46
1 files changed, 43 insertions, 3 deletions
diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8
index c378c591290c..098ba4d0485e 100644
--- a/lib/geom/eli/geli.8
+++ b/lib/geom/eli/geli.8
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd April 18, 2022
+.Dd April 24, 2024
.Dt GELI 8
.Os
.Sh NAME
@@ -851,6 +851,15 @@ This variable should be set in
Specifies how many times the Master Key is overwritten
with random values when it is destroyed.
After this operation it is filled with zeros.
+.It Va kern.geom.eli.use_uma_bytes
+.Nm
+must allocate a buffer for every write operation, used when performing
+encryption.
+This sysctl reports the maximum size in bytes for which geli will perform the
+allocation using
+.Xr UMA 9 ,
+as opposed to
+.Xr malloc 9 .
.It Va kern.geom.eli.visible_passphrase : No 0
If set to 1, the passphrase entered on boot will be visible.
This alternative should be used with caution as the entered
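Review bot: The new kern.geom.eli.use_uma_bytes entry states no default after the variable name, unlike the neighbouring ".It Va kern.geom.eli.visible_passphrase : No 0", and "This sysctl reports" leaves it unclear whether the value is read-only or can be tuned. Say which it is, and give the default or how the value is derived, since the PERFORMANCE CONSIDERATIONS text added later in this patch asks the reader to size writes against it. It is also worth confirming that ".Xr UMA 9" matches the case of the installed manual page name so the cross-reference resolves.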
@@ -863,11 +872,14 @@ Specifies how many kernel threads should be used for doing software
cryptography.
Its purpose is to increase performance on SMP systems.
If set to 0, a CPU-pinned thread will be started for every active CPU.
+Note that this variable must be set prior to attaching
+.Nm
+to a disk.
.It Va kern.geom.eli.batch : No 0
When set to 1, can speed-up crypto operations by using batching.
Batching reduces the number of interrupts by responding to a group of
crypto requests with one interrupt.
-The crypto card and the driver has to support this feature.
+The crypto card and the driver have to support this feature.
.It Va kern.geom.eli.key_cache_limit : No 8192
Specifies how many Data Keys to cache.
The default limit
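Review bot: The note added under kern.geom.eli.threads says the variable "must be set prior to attaching" but not what happens when it is changed afterwards. Spell out whether a later change is ignored for providers that are already attached and takes effect only for ones attached after it, and, if providers attached at boot are meant to be covered, say where the value has to be set for them, in the way the unmapped_io entry names /boot/loader.conf.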
@@ -884,13 +896,41 @@ Reports how many times we were looking up a Data Key and it was not in cache.
This sysctl is not updated for providers that need fewer Data Keys than the limit
specified in
.Va kern.geom.eli.key_cache_limit .
-.Va kern.geom.eli.unmapped_io
+.It Va kern.geom.eli.unmapped_io
Enable support for unmapped I/O buffers, currently implemented only on 64-bit
platforms.
This is an optimization which reduces the overhead of I/O processing.
This variable is intended for debugging purposes and must be set in
.Pa /boot/loader.conf .
.El
+.Sh PERFORMANCE CONSIDERATIONS
+The default value of
+.Va kern.geom.eli.threads
+is usually good for a system with one SSD.
+However, it may need to be lowered on systems with many disks,
+so as to avoid creating too much thread-switching overhead.
+On systems with more disks than CPUs, it's best to set this variable
+to 1.
+.Pp
+.Nm
+internally uses
+.Xr malloc 9
+to allocate memory for operations larger than
+.Va kern.geom.eli.use_uma_bytes ,
+but malloc is slow for allocations larger than
+.Va vm.kmem_zmax .
+So it's best to avoid writing more than
+.Ms MAX(kern.geom.eli.use_uma_bytes, vm.kmem_zmax)
+in a single write operation.
+On systems that format
+.Xr zfs 4
+on top of
+.Nm ,
+the maximum write size can be controlled by
+.Va vfs.zfs.vdev.aggregation_limit
+and
+.Va vfs.zfs.vdev.aggregation_limit_non_rotating
+for HDDs and SSDs, respectively.
.Sh EXIT STATUS
Exit status is 0 on success, and 1 if the command fails.
.Sh EXAMPLES
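Review bot: In the new PERFORMANCE CONSIDERATIONS section, ".Ms MAX(kern.geom.eli.use_uma_bytes, vm.kmem_zmax)" uses the mathematical-symbol macro for a whole expression, so the two sysctl names inside it lose the ".Va" markup they carry everywhere else in the page. Consider wording it as "the larger of" followed by the two names, each under ".Va", and stating that both are byte counts, as the use_uma_bytes entry does. The advice would also be easier to act on if it said how the two vfs.zfs.vdev.aggregation_limit variables should relate to that bound (for example, at or below it). Separately, the unmapped_io entry now has its ".It" but still lists no default, unlike the other entries in the list.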