we were able to significantly reduce CPU usage like this:
cryptsetup refresh --persistent --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue <name of encrypted mapping>
where the name of the encrypted mapping is /dev/mapper/<name> without the /dev/mapper
--allow-discards is optional, but a lot of SSDs will get really slow over time if you don't fstrim them and this lets you do that.
anyways this takes read CPU usage from 40-50% to more like 20-25%. it doesn't speed up the encryption/decryption but it makes the CPU usage less so you aren't slowing down other programs as much. it basically reduces some memcopies and marshalling some data around which is really beneficial on SSDs. --persistent means that you can run this once and it's persistent. it doesn't speed things up but doesn't slow things down either. i recommend it so far.
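
One way to confirm the options took effect after the refresh, as an added example that is not part of the original post: it parses one line of `dmsetup table` output and reports whether each of the three flags is active. The function names and the two sample table lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which dm-crypt optional flags are active on a mapping,
# given one line of `dmsetup table <name>` output.
# dm-crypt table layout:
#   start length crypt cipher key iv_offset device offset [count opt1 opt2 ...]

crypt_opts() {
    # Print the optional parameters (the fields after the count in field 9),
    # one per line. Prints nothing if the line has no optional parameters.
    printf '%s\n' "$1" | awk '$3 == "crypt" && NF >= 9 {
        for (i = 10; i <= 9 + $9 && i <= NF; i++) print $i
    }'
}

has_opt() {
    # has_opt "<table line>" <flag>  -> exit status 0 if the flag is active
    crypt_opts "$1" | grep -qx -- "$2"
}

report() {
    # One-line status for the three flags set by the command in the post.
    line=$1
    out=""
    for f in allow_discards no_read_workqueue no_write_workqueue; do
        if has_opt "$line" "$f"; then
            out="$out $f=on"
        else
            out="$out $f=off"
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed sample lines (not taken from a real system): the same mapping
# before and after the refresh.
SAMPLE_BEFORE='0 1953456128 crypt aes-xts-plain64 :64:logon:cryptsetup:EXAMPLE-d0 0 8:3 32768'
SAMPLE_AFTER='0 1953456128 crypt aes-xts-plain64 :64:logon:cryptsetup:EXAMPLE-d0 0 8:3 32768 3 allow_discards no_read_workqueue no_write_workqueue'

report "$SAMPLE_BEFORE"
report "$SAMPLE_AFTER"

# Live use (needs root): report "$(dmsetup table <name>)"
```

If a flag still shows as off after a reboot, the --persistent part did not stick; storing flags in the header needs a LUKS2 volume.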