Can I speed up Grub boot when using full disk encryption?


I’m new to OpenSUSE and have installed OpenSUSE Tumbleweed. I enabled full disk encryption during the install process. Is it normal for it to take ~45 seconds from entering my password for Grub to when the Grub menu shows up? Is there anyway to speed this up? Can/does this process use hardware acceleration (ie. AES-NI)?

Once the kernel boots and I’m asked for my password again, it takes ~5 or so seconds to boot into the login screen.

Thank you.

Most of the time taken is due to grub locating the disk partition for crypto, and then reading the filesystem structures on that disk after you have provided the password. To access the disk, grub makes calls to the BIOS, and these are slow. That’s the main cause of the slowdown.

I think you are talking about hardware acceleration for the crypto. I doubt that will make a noticeable difference.

The reason it is all faster once the kernel is loaded, is that kernel access to the disks is more efficient than BIOS access to the disks.

An additional comment here.

I just timed this on one of my systems. The particular system is a Lenovo ThinkServer. There is no hardware acceleration for crypto on this system.

It took 4 seconds for the grub menu to appear. I timed that from when I hit ENTER (after typing in the crypto passphrase) until the grub menu showed up. It may have been 3.5 seconds, but it is hard to time that accurately.

It does take noticeably longer on a system that I have running in a KVM virtual machine, though I have not actually timed that.

What could account for the difference:
(1) I am using UEFI booting, but secure-boot is currently disabled;
(2) I am using “ext4” rather than “btrfs”;
(3) I was booting Leap 15.0, but that should not make any difference since we are still in grub and have not loaded the operating system at this stage.

My personal opinion – “ext4” rather than “btrfs” may make a noticeable difference, but probably not close to the whole story. The difference in speed between BIOS implementations or UEFI implementations is probably the main difference

Thanks for the information. Searching around it does seem Grub is generally slow for encrypted /boot. Also, if it’s a BIOS/UEFI thing, then I can’t do much there either. I’m also using UEFI booting with secure-boot disabled. Since I just used the default install options, I’m using Btrfs.

I’m also guessing my relatively slow Celeron CPU isn’t helping either.