![]() T2 Intel and Apple silicon Macs invariably encrypt the Data volume on their internal SSD adding the protection of FileVault’s password comes at no cost.In most circumstances, reduced performance shouldn’t be a reason for not protecting sensitive data using APFS encrypted volumes. There’s no simple way to tease potential causes apart.Īlthough these tests were performed using a fast Apple silicon Mac with no other significant load, many Intel processors integrate support for AES encryption into their instruction set, and should deliver good performance when encrypting and decrypting. In theory, the problem could lie anywhere between macOS and the SSD itself, although my suspicions remain with the Thunderbolt controller used in the peripheral. Neither can I explain why some fast, reputable SSDs appear to be liable to write speed reduction when connected via a hub, or encrypted. However, you only need to measure write speed, and the size of the differences is such that a quick informal test should suffice. What I can’t tell you is how to distinguish these without running tests. At the other extreme, another SSD read at full speed, but wrote significantly slower, whether direct or via a hub. ![]() What is the overhead to encryption?īy chance, the SSDs tested show a full spectrum, ranging from one that read and wrote at a full 2.8 GB/s whether to plain APFS or APFS encrypted, regardless of being connected direct to a port on the Mac, or via a hub. However, with encryption, further slowing was seen in Disk A, to 55% of its write speed to plain APFS when connected direct to a port on that Mac. Write speeds of both Disks A and B show the same reduction when connected via a Thunderbolt hub as reported previously. Measured speeds in the same units and format were: Only one write speed shows any significant change, a fall from 2.2 to 1.8 GB/s, with the encrypted volume being 82% of the speed of plain APFS. Measured speeds, given as GB/s for read / write, were: Speeds were measured using the standard options in my free app Stibium, in each case over 160 files ranging in size from 2 MB to 2 GB, in random order, giving a total of 53 GB of test files. This article reports estimates of the effect of reading from and writing to APFS encrypted volumes on three different high-speed Thunderbolt 3 SSDs, when connected direct to a Mac Studio M1 Max, and via a Thunderbolt 4 hub. When Apple first introduced whole-volume encryption, some considered it incurred a significant performance penalty, but more recent reports suggest that may be almost unnoticeable, at around 3-5% or less. If you want to store your backups securely or keep sensitive data safe, that encryption won’t be performed by the T2 chip or the Secure Enclave built into M-series chips. On all Macs, regardless of processor, using APFS Encrypted volumes brings overhead. ![]() ![]() Whether or not you turn FileVault on, the T2 chip and M-series chips always encrypt Data volumes on the internal SSD, so enabling FileVault there incurs no penalty on internal storage. ![]() Intel Macs with a T2 chip and all Apple silicon Macs offer two types of encryption for APFS volumes: FileVault on the internal SSD encrypts the Data (and, in Catalina, the System) volume using hardware and encryption keys in the Secure Enclave, while APFS Encrypted volumes on other storage use software and store their keys separately. ![]()
0 Comments
Leave a Reply. |