Evaluate performance penalty of the recommended kernel options
a13xp0p0v opened this issue · comments
Alexander Popov commented
As the first step, @BlackIkeEagle made some performance tests and described the results in this article.
Alexander Popov commented
Create a solution for automating this process:
- Take defconfig as a basic kernel configuration.
- Build the Linux kernel.
- Start test system with this kernel (a hardware machine may give more consistent results than a virtual machine). If the system doesn't boot, go to step 6.
- Run the chosen performance tests (hackbench, kernel compilation, network throughput evaluation, etc).
- Save the test results.
- Set another kernel option from the kconfig-hardened-check json output and go to step 2 (see #67). If all recommendations are already tested, then proceed to step 7.
- Analyze the results of the performance testing.
That approach would save us from plenty of boring manual routine.
Alexander Popov commented
Similar performance testing of a group of security hardening options may give interesting results as well.