Thanks mntn, for your thorough testing and considerations of alternative approaches to VM FDE based on the file vault!
What you discovered is a known shortcoming of the current file-vault implementation: Performance optimization for heavy throughput as well as latency concerns were not yet addressed. For example, independent requests on the vault are not yet parallelized and base primitives (e.g., encryption) are not segmented and distributed on multiple CPUs. LUKS on the other experienced years of optimization in those regards.
The current work-in-progress is focused on reasonable complexity, robustness, and absence of errors of the underlying tresor library - the block-encryption layer. Common use cases comprise storage of credentials like wifi passwords or passphrases as well as journal/notes files that should be kept separate from VMs. Unfortunately, we are midway through replanning future file-vault activities as the main developer left the team after he passed the baton on to me. Also for me, the vault is a valuable asset of Genode but I've to admit that other tasks enjoy higher priority currently.
Regards