ESSTRA Vs. Non-ESSTRA Kernel Build: Speed & Size
This article presents a detailed comparison of Linux kernel build times and sizes when using ESSTRA (a security technology) versus a standard kernel build without ESSTRA. The data is based on benchmark tests conducted on a Dell desktop machine with specific hardware configurations. This analysis helps to understand the performance overhead and size implications of integrating ESSTRA into the kernel build process.
Test Environment
Before diving into the results, here’s a summary of the test environment:
- Machine: Dell desktop (x86_64)
- CPU: 16 cores
- RAM: 32GB
- Storage: 1.8TB drive with 188GB free space
- Kernel Build: Statically linked kernel binary image (vmlinux), without modules
- Configuration: Derived from the default Ubuntu 24.04 x86_64 config
Kernel Build Time Comparison
Let's examine the time it takes to build the kernel with and without ESSTRA. Understanding the build time overhead is crucial for developers and system administrators who frequently compile kernels.
Kernel Build Without ESSTRA
Here are the results from three separate runs of a kernel build without ESSTRA:
- 1st run:
- Real: 10m59.139s
- User: 110m50.858s
- 2nd run:
- Real: 11m4.708s
- User: 110m52.484s
- 3rd run:
- Real: 11m0.665s
- User: 110m55.890s
Average Build Time (Without ESSTRA):
- Real: 11m1s (661s)
- User: 110m53s (6603s)
Kernel Build With ESSTRA
Now, let’s look at the build times when ESSTRA is included:
- 1st run:
- Real: 12m29.011s
- User: 114m21.491s
- 2nd run:
- Real: 11m53.083s
- User: 114m50.584s
- 3rd run:
- Real: 11m48.747s
- User: 114m46.115s
Average Build Time (With ESSTRA):
- Real: 12m3s (723s)
- User: 114m39s (6879s)
Build Time Overhead Analysis
Based on these results, the kernel build overhead when using ESSTRA is approximately:
- 9.4% real time
- 4.2% CPU time (in user space)
The real time overhead suggests that the actual wall-clock time to build the kernel increases by about 9.4% when ESSTRA is enabled. This could be due to the additional processing and checks that ESSTRA performs during the build. The user time overhead, which represents the CPU time spent in user space, increases by about 4.2%. This indicates that ESSTRA adds some computational load during the build process, but it's relatively small compared to the overall build time. The added security features of ESSTRA might be worth the slight increase in build time, depending on the specific security needs and priorities.
Kernel Output File Size Comparison
Next, we'll analyze the impact of ESSTRA on the size of the kernel output files. File size is an important consideration, especially in embedded systems or environments with limited storage.
Kernel Size Without ESSTRA
Here are the sizes of the key kernel output files when building without ESSTRA (sizes in bytes unless otherwise specified):
- vmlinux: 453,766,632 (453M)
- arch/x86/boot/compressed/vmlinux: 14,100,280
- arch/x86/boot/compressed/vmlinux.bin: 56,626,008
- arch/x86/boot/compressed/vmlinux.bin.zst: 13,835,528
- arch/x86_64/boot/bzImage: 14,524,607
Kernel Size With ESSTRA
Now, let's look at the file sizes when ESSTRA is included:
- vmlinux: 766,636,328 bytes (766M)
- arch/x86/boot/compressed/vmlinux: 16,189,240
- arch/x86/boot/compressed/vmlinux.bin: 369,495,688
- arch/x86/boot/compressed/vmlinux.bin.zst: 14,453,836
- arch/x86/boot/bzImage: 16,613,567
Size Difference Analysis
The size of the extracted ESSTRA data (in raw format) for vmlinux was:
vmlinux.esstra-data: 155583207 bytes
There’s an approximately 310MB difference in size between the vmlinux file without ESSTRA data and the vmlinux file with ESSTRA data. This is suspiciously close to two times the size of the ESSTRA data. Further investigation is needed to determine the exact cause of the remaining size difference. It could be due to a duplicate .esstra section or some other padding that is .esstra-sized.
Analyzing the size differences in the kernel image with and without ESSTRA is vital for understanding the storage implications of enabling this security feature. The most significant increase is observed in the vmlinux file, which grows by approximately 310MB. This increase is roughly twice the size of the raw ESSTRA data, suggesting potential duplication or alignment-related padding within the ELF layout. This needs further investigation to optimize the size footprint of the ESSTRA-enabled kernel.
The other files, such as those in the arch/x86/boot/compressed/ directory and arch/x86_64/boot/bzImage, also show size increases, but they are relatively smaller compared to the vmlinux file. This implies that the majority of the ESSTRA-related data is embedded within the main kernel image.
The implications of this size increase depend on the specific use case. For systems with ample storage, the additional size might not be a significant concern. However, for embedded systems or devices with limited storage capacity, this increase could be a limiting factor. In such cases, it may be necessary to explore techniques for reducing the size of the ESSTRA data or optimizing the kernel configuration to minimize the overall size footprint.
Conclusion
In summary, integrating ESSTRA into the kernel build process introduces a measurable overhead in terms of both build time and output file size. The build time increases by approximately 9.4% in real time and 4.2% in CPU time. The size of the vmlinux file increases by about 310MB, with the raw ESSTRA data accounting for approximately half of this increase. While the performance impact is relatively small, the size increase may be a concern for systems with limited storage.
Further analysis is recommended to investigate the exact layout of the ELF file and identify potential areas for size optimization. Additionally, it would be beneficial to evaluate the security benefits of ESSTRA in the context of the specific use case to determine whether the overhead is justified.
'/><text x='50%' y='52%' font-family='Arial,Helvetica,sans-serif' font-size='44' fill='white' text-anchor='middle' dominant-baseline='middle'>Alex Johnson</text></svg>)
