I created a whole FreeBSD Desktop series … but I never wrote an article describing how I run FreeBSD on my own daily driver – the Lenovo ThinkPad W520 from 2011 – the last one with the much appreciated 7-row keyboard. In this article I will share how I configured FreeBSD to make the most of it. If you are curious why I use such an old laptop then my older Epitaph to Laptops article explains that in detail.
This is the Table of Contents for this article.
- FreeBSD 13.1 on ThinkPad W520
- ThinkPad W520
- Specifications
- FreeBSD System Configuration
- Desktop Environment
- Openbox
- XFCE
- GNOME
- Accessories
- Smaller Power Supply
- Mouse Companion
- Two Additional USB 3.0 Ports
- Larger Custom Battery
- Experience
- Summary
ThinkPad W520
This machine was out-fucking-standing when it was released in 2011 … and expensive as hell also 🙂 With 4 physical cores and up to 32 GB RAM only a few laptops could compete with it. The Dell Precision M4600 could also do that back then … but not exactly the same. You see – the last Dell Precision to carry a similar 7-row keyboard was the Dell Precision M4500 – but that one was from 2010 and was able to pack only … 8 GB RAM (official) and 16 GB RAM (unofficial) – so it’s not a fair comparison. Today, 11 years (!) later, the ThinkPad W520 is still a very capable and powerful machine. The only thing that you may need to do is to replace the thermal paste. I also did that – Classic ThinkPad Thermal Paste Change – as described here.
To help you imagine how big that 11-year time span is in IT, I will try to show you an example with a car. It’s like driving a 30-year-old Mercedes-Benz W124 from 1992 today, because the IT world and hardware change and improve a lot faster than the automobile industry. The Mercedes-Benz W124 with its indestructible automatic transmission and engine along with comfortable suspension and automatic air conditioning – offers a daily experience not that far away from today’s cars – the meritum is definitely fulfilled. I know that first hand since I owned one not that long ago. Not to mention its legendary reliability. It’s also a car that is very liked by mechanics as it’s very ‘serviceable’ and has lots of space for everything. You do not need to disassemble the entire front bumper and the headlight just to replace a broken light beam.
This is the same that I would say about the ThinkPad W520 today. You can put three (!) storage devices in it at the same time. Two 2.5" SATA drives and one mSATA disk. Assuming you would use 8 TB 2.5" Samsung QVO drives and a 2 TB mSATA drive you would have 18 TB of storage … in an 11-year-old laptop. You can grow that to 19 TB with a 1 TB SD card in the slot … and we have not even touched any USB ports yet. Today you are able to get a ThinkPad W520 in nice condition for about $300 if you are not hasty, and getting 32 GB of DDR3 RAM costs another $100, so it’s pretty affordable hardware.
Specifications
For the record, below you will find the specs of my machine. I also added the driver and/or package that is used to support each of these devices.
CPU: Intel Core i7-2820QM 2.30GHz (4C/8T) Sandy Bridge 32nm
RAM: 32 GB (4 * 8GB DDR3)
HDD0: 128GB mSATA Samsung PM830 (system)
HDD1: 4 TB 2.5 SATA Samsung 860 QVO (data)
GFX0: Intel HD Graphics 3000 (integrated) [graphics/drm-kmod]
GFX1: Nvidia Quadro 2000M (discrete) [x11/nvidia-driver-390] {nvidia}
SCR: 15.6 1920x1080
USB: 2 x USB 2.0 + 2 x USB 3.0 [ehci(4) + xhci(4)]
AUDIO: Conexant CX20590 [snd_hda(4)]
PORTS0: 1 x VGA
PORTS1: 1 x DisplayPort
PORTS2: 1 x eSata
SD: Card Reader 5in1 [sdhci(4)]
LAN: 10/100/1000 Intel 82579LM Gigabit [em(4)]
WIFI: Intel Centrino Ultimate-N 6300 AGN 802.11n [iwn(4)]
BT: Bluetooth 3.0 [ng_ubt(4)]
CAM: Webcam 720p [multimedia/webcamd]
Articles such as this one often focus on what works and is supported by FreeBSD and what is problematic or does not work at all. The very nice thing about the ThinkPad W520 under FreeBSD command is that EVERYTHING works. From Bluetooth through Card Reader and also multiple suspend/resume cycles. I am doing months of uptime on that laptop and I reboot only when I need to update the system or I want to test something … but that often also does not need a reboot now as you can just reroot into another BE as described in my other ZFS Boot Environments Revolutions article.
I do not need the compute power of the discrete Nvidia Quadro 2000M card so I disabled it in the BIOS – but when I tried it with drivers from the FreeBSD Ports – everything worked as desired. I use the integrated Intel HD Graphics 3000 which is more than enough for my needs. To be honest I would get a ThinkPad T520, which can be bought with integrated graphics only, but it has two downsides. The T520 does not have any USB 3.0 ports – that one I could probably live with but … it comes only with Dual Core CPUs. You can of course place a Quad Core CPU in it by yourself – but as the W520 exists I do not see a reason not to get one 🙂
FreeBSD System Configuration
One of the many things that I really like about FreeBSD (more here – Quare FreeBSD? – in a separate article) is that it can be mostly configured using just 3 files. This configuration already features all power management settings that I described in The Power to Serve – FreeBSD Power Management article.
I installed FreeBSD in a pretty standard way with GELI full disk encryption enabled and with ZFS as the filesystem as I can not live without ZFS Boot Environments. The FreeBSD installer automatically detects and applies the so called ‘Lenovo Fix’. When in doubt the installation procedure is described in the FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 article.
Main FreeBSD configuration files.
- /etc/rc.conf – system and services configuration
- /etc/sysctl.conf – runtime parameters configuration
- /boot/loader.conf – parameters configurable at boot
I will also include these below as they are also important:
- /etc/devfs.rules – devices configuration
- /etc/fstab – filesystems configuration
- /etc/ttys – terminal initialization configuration
- /etc/wpa_supplicant.conf – WiFi configuration
- /usr/local/etc/automount.conf – automount(8) configuration
- /usr/local/etc/doas.conf – doas(1) configuration
- id(1) groups membership
- /usr/local/etc/X11/xorg.conf.d/* – X11 configuration
First the main /etc/rc.conf configuration file.
% cat /etc/rc.conf
# SILENCE # ------------------------------------------------------------------
rc_startmsgs=NO
# NETWORK # ------------------------------------------------------------------
hostname=w520.local
background_dhclient=YES
extra_netfs_types=NFS
defaultroute_delay=3
defaultroute_carrier_delay=3
gateway_enable=YES
harvest_mask=351
rtsol_flags="-i"
rtsold_flags="-a -i"
# MODULES/COMMON/BASE # ------------------------------------------------------
kld_list="${kld_list} /boot/modules/i915kms.ko"
kld_list="${kld_list} fusefs coretemp sem cpuctl ichsmb cuse"
kld_list="${kld_list} libiconv cd9660_iconv msdosfs_iconv udf_iconv"
# MODULES/VIRTUALBOX # -------------------------------------------------------
vboxnet_enable=YES
kld_list="${kld_list} vboxdrv vboxnetadp vboxnetflt"
# POWER
performance_cx_lowest=C1
economy_cx_lowest=Cmax
powerd_enable=YES
powerd_flags="-n adaptive -a hiadaptive -b adaptive -m 800 -M 2000"
# DAEMONS | yes # ------------------------------------------------------------
zfs_enable=YES
xdm_enable=YES
xdm_tty=ttyv4
nfs_client_enable=YES
ubuntu_enable=YES
moused_enable=YES
syslogd_flags='-s -s'
sshd_enable=YES
local_unbound_enable=YES
webcamd_enable=YES
rctl_enable=YES
# DAEMONS | no # -------------------------------------------------------------
linux_enable=NO
sendmail_enable=NONE
sendmail_submit_enable=NO
sendmail_outbound_enable=NO
sendmail_msp_queue_enable=NO
# FS # -----------------------------------------------------------------------
fsck_y_enable=YES
clear_tmp_enable=YES
clear_tmp_X=YES
growfs_enable=YES
# OTHER # --------------------------------------------------------------------
keyrate=fast
keymap=pl.kbd
virecover_enable=NO
update_motd=NO
devfs_system_ruleset=desktop
hostid_enable=NO
savecore_enable=NO
Now the runtime parameters /etc/sysctl.conf file.
% cat /etc/sysctl.conf
# SECURITY
security.bsd.see_jail_proc=0
security.bsd.unprivileged_proc_debug=0
# SECURITY/RANDOM PID
kern.randompid=1
# ANNOYING THINGS
vfs.usermount=1
kern.coredump=0
hw.syscons.bell=0
kern.vt.enable_bell=0
# ZFS DELETE FUCKUP TRIM (DEFAULT: 64)
vfs.zfs.vdev.trim_max_active=1
# ZFS ARC TUNING
vfs.zfs.arc.min=134217728
vfs.zfs.arc.max=536870912
# ZFS ARC FREE ENFORCE @ 1024 * 1024 * 3
vfs.zfs.arc_free_target=3145728
# JAILS/ALLOW UPGRADES IN JAILS
security.jail.chflags_allowed=1
# JAILS/ALLOW RAW SOCKETS
security.jail.allow_raw_sockets=1
# DESKTOP/INTERACTIVITY
kern.sched.preempt_thresh=224
# DESKTOP QUANTUM FOR TIMESHARE THREADS IN stathz TICKS (12) NomadBSD
kern.sched.slice=3
# DESKTOP/IRIDIUM/CHROMIUM
kern.ipc.shm_allow_removed=1
# SAMPLE RATE CONVERTER QUALITY (0=low .. 4=high) (1) NomadBSD
hw.snd.feeder_rate_quality=3
# PERFORMANCE/ALL SHARED MEMORY SEGMENTS WILL BE MAPPED TO UNPAGEABLE RAM
kern.ipc.shm_use_phys=1
# VIRTUALBOX aio(4) SETTINGS
vfs.aio.max_buf_aio=8192
vfs.aio.max_aio_queue_per_proc=65536
vfs.aio.max_aio_per_proc=8192
vfs.aio.max_aio_queue=65536
# NETWORK/DO NOT SEND RST ON SEGMENTS TO CLOSED PORTS
net.inet.tcp.blackhole=2
# NETWORK/DO NOT SEND PORT UNREACHABLES FOR REFUSED CONNECTS
net.inet.udp.blackhole=1
# NETWORK/LIMIT ON SYN/ACK RETRANSMISSIONS (3)
net.inet.tcp.syncache.rexmtlimit=0
# NETWORK/USE TCP SYN COOKIES IF THE SYNCACHE OVERFLOWS (1)
net.inet.tcp.syncookies=0
# NETWORK/ASSIGN RANDOM ip_id VALUES (0)
net.inet.ip.random_id=1
# NETWORK/ENABLE SENDING IP REDIRECTS (1)
net.inet.ip.redirect=0
# NETWORK/IGNORE ICMP REDIRECTS (0)
net.inet.icmp.drop_redirect=1
# NETWORK/DROP TCP PACKETS WITH SYN+FIN SET (0)
net.inet.tcp.drop_synfin=1
# NETWORK/RECYCLE CLOSED FIN_WAIT_2 CONNECTIONS FASTER (0)
net.inet.tcp.fast_finwait2_recycle=1
# NETWORK/CERTAIN ICMP UNREACHABLE MESSAGES MAY ABORT CONNECTIONS IN SYN_SENT (1)
net.inet.tcp.icmp_may_rst=0
Now the boot parameters in /boot/loader.conf file.
% cat /boot/loader.conf
# CONSOLE COMMON
autoboot_delay=1 # OPTION '-1' MEANS NO WAIT AND 'NO' MEANS INFINITE WAIT
hw.usb.no_boot_wait=0 # DO NOT WAIT FOR USB DEVICES FOR ROOT (/) FILESYSTEM
boot_mute=YES # SAME AS '-m' IN LOADER - MUTE CONSOLE WITH FreeBSD LOGO
loader_logo=none # DESIRED LOGO: fbsdbw beastiebw beastie none
loader_menu_frame="none"
screen.font="6x12"
# CONSOLE RESOLUTION
efi_max_resolution="1920x1080"
# WINE FIX
machdep.max_ldt_segment=2048
# MODULES - BOOT
geom_eli_load=YES
zfs_load=YES
# drm-kmod PACKAGE - USE SEMAPHORES FOR INTER-RING SYNC
compat.linuxkpi.semaphores=1
# drm-kmod PACKAGE - ENABLE POWER-SAVING RENDER C-STATE 6
compat.linuxkpi.enable_rc6=7
# drm-kmod PACKAGE - ENABLE POWER-SAVING DISPLAY C-STATES
compat.linuxkpi.enable_dc=2
# drm-kmod PACKAGE - ENABLE FRAME BUFFER COMPRESSION FOR POWER SAVINGS
compat.linuxkpi.enable_fbc=1
# ENABLE SYNAPTICS
hw.psm.synaptics_support=1
# DISABLE /dev/diskid/* ENTRIES FOR DISKS
kern.geom.label.disk_ident.enable=0
# DISABLE /dev/gptid/* ENTRIES FOR DISKS
kern.geom.label.gptid.enable=0
# TERMINAL vt(4) COLORS
kern.vt.color.0.rgb="#000000"
kern.vt.color.1.rgb="#dc322f"
kern.vt.color.2.rgb="#859900"
kern.vt.color.3.rgb="#b58900"
kern.vt.color.4.rgb="#268bd2"
kern.vt.color.5.rgb="#ec0048"
kern.vt.color.6.rgb="#2aa198"
kern.vt.color.7.rgb="#94a3a5"
kern.vt.color.8.rgb="#586e75"
kern.vt.color.9.rgb="#cb4b16"
kern.vt.color.10.rgb="#859900"
kern.vt.color.11.rgb="#b58900"
kern.vt.color.12.rgb="#268bd2"
kern.vt.color.13.rgb="#d33682"
kern.vt.color.14.rgb="#2aa198"
kern.vt.color.15.rgb="#6c71c4"
# RACCT/RCTL RESOURCE LIMITS
kern.racct.enable=1
# DISABLE ZFS PREFETCH
vfs.zfs.prefetch_disable=1
# POWER MGMT / POWER OFF DEVICES WITHOUT ATTACHED DRIVER
hw.pci.do_power_nodriver=3
# POWER MANAGEMENT FOR EVERY USED AHCI CHANNEL (ahcich 0-7)
hint.ahcich.0.pm_level=5
hint.ahcich.1.pm_level=5
hint.ahcich.2.pm_level=5
hint.ahcich.3.pm_level=5
hint.ahcich.4.pm_level=5
hint.ahcich.5.pm_level=5
hint.ahcich.6.pm_level=5
hint.ahcich.7.pm_level=5
# GELI THREADS
kern.geom.eli.threads=4
Now the mentioned /etc/devfs.rules file.
% cat /etc/devfs.rules
[desktop=10]
add path 'acd*' mode 0660 group operator
add path 'cd*' mode 0660 group operator
add path 'da*' mode 0660 group operator
add path 'pass*' mode 0660 group operator
add path 'xpt*' mode 0660 group operator
add path 'fd*' mode 0660 group operator
add path 'md*' mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'ugen*' mode 0660 group operator
add path 'usb/*' mode 0660 group operator
add path 'video*' mode 0660 group operator
add path 'cuse*' mode 0660 group operator
add path 'lpt*' mode 0660 group cups
add path 'ulpt*' mode 0660 group cups
add path 'unlpt*' mode 0660 group cups
Filesystems and SWAP configuration.
% cat /etc/fstab
# SWAP
/dev/gpt/swap0 none swap sw 0 0
# FreeBSD PSEUDO - NEEDED BY wine(1)
procfs /proc procfs rw 0 0
# Ubuntu Linux PSEUDO
linprocfs /compat/ubuntu/proc linprocfs rw,late 0 0
linsysfs /compat/ubuntu/sys linsysfs rw,late 0 0
devfs /compat/ubuntu/dev devfs rw,late 0 0
fdescfs /compat/ubuntu/dev/fd fdescfs rw,late,linrdlnk 0 0
tmpfs /compat/ubuntu/dev/shm tmpfs rw,late,size=1g,mode=1777 0 0
/home /compat/ubuntu/home nullfs rw,late 0 0
/tmp /compat/ubuntu/tmp nullfs rw,late 0 0
Terminals configuration under /etc/ttys file. Important part is the ttyv4 entry to match the xdm_tty=ttyv4 value from /etc/rc.conf file.
% grep '^[^#]' /etc/ttys | cat
console none unknown off insecure
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv1 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv2 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv3 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv4 "/usr/libexec/getty Pc" xterm off secure
ttyv5 "/usr/libexec/getty Pc" xterm off secure
ttyv6 "/usr/libexec/getty Pc" xterm off secure
ttyv7 "/usr/libexec/getty Pc" xterm off secure
ttyv4 "/usr/local/bin/xdm -nodaemon" xterm off secure
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu1 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu2 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu3 "/usr/libexec/getty 3wire" vt100 onifconsole secure
dcons "/usr/libexec/getty std.9600" vt100 off secure
xc0 "/usr/libexec/getty Pc" xterm onifconsole secure
rcons "/usr/libexec/getty std.9600" vt100 onifconsole secure
Wireless config – as an example for different network types. As you have seen I did not include any network information in the /etc/rc.conf file – this is because I use my own network.sh solution to connect to various wired and wireless networks – FreeBSD Network Management with network.sh Script – described in detail here.
# cat /etc/wpa_supplicant.conf
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1
# OPEN NETWORKS
network={
key_mgmt=NONE
priority=0
}
# NETWORK WITH HIDDEN SSID
network={
scan_ssid=1
ssid="hidden-network"
psk="12341234"
priority=0
}
# NAMED OPEN NETWORK
network={
ssid="Free_Internet"
key_mgmt=NONE
priority=0
}
# NORMAL WPA/WPA2 SECURED NETWORK
network={
ssid="SECURED"
psk="12345678"
}
The automount(8) config.
% cat /usr/local/etc/automount.conf
USERUMOUNT=YES
USER=vermaden
FM='caja --no-desktop'
NICENAMES=YES
The doas(1) configuration.
# cat /usr/local/etc/doas.conf
# CORE
permit nopass keepenv root as root
permit nopass keepenv vermaden as root
# THE network.sh SCRIPT
# pw groupmod network -m YOURUSERNAME
# cat /usr/local/etc/doas.conf
permit nopass :network as root cmd /etc/rc.d/netif args onerestart
permit nopass :network as root cmd /usr/sbin/service args squid onerestart
permit nopass :network as root cmd dhclient
permit nopass :network as root cmd ifconfig
permit nopass :network as root cmd killall args -9 dhclient
permit nopass :network as root cmd killall args -9 ppp
permit nopass :network as root cmd killall args -9 wpa_supplicant
permit nopass :network as root cmd ppp
permit nopass :network as root cmd route
permit nopass :network as root cmd tee args -a /etc/resolv.conf
permit nopass :network as root cmd tee args /etc/resolv.conf
permit nopass :network as root cmd umount
permit nopass :network as root cmd wpa_supplicant
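An added example, not part of the original article and not shipped with doas: a small Python audit of rules like the ones above. It flags nopass rules with no cmd restriction, commands given by relative name, and commands whose arguments are left unconstrained. The finding names and the six-line constructed sample are assumptions made for this example.

```python
import shlex

# Constructed sample: six lines taken from the doas.conf listing above.
SAMPLE = """\
# CORE
permit nopass keepenv root as root
permit nopass keepenv vermaden as root
permit nopass :network as root cmd /etc/rc.d/netif args onerestart
permit nopass :network as root cmd ifconfig
permit nopass :network as root cmd tee args -a /etc/resolv.conf
"""

FLAG_OPTIONS = {"nopass", "nolog", "persist", "keepenv"}


def parse_rule(line):
    """Parse one doas.conf line; return None for blank or comment-only lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens:
        return None
    if tokens[0] not in ("permit", "deny"):
        raise ValueError("not a doas rule: %r" % line)
    rule = {"action": tokens[0], "options": set(), "identity": None,
            "target": None, "cmd": None, "args": None}
    i = 1
    # Options come first: plain flags, or setenv followed by a { ... } block.
    while i < len(tokens) and (tokens[i] in FLAG_OPTIONS or tokens[i] == "setenv"):
        rule["options"].add(tokens[i])
        if tokens[i] == "setenv":
            while i < len(tokens) and not tokens[i].endswith("}"):
                i += 1
        i += 1
    if i >= len(tokens):
        raise ValueError("rule has no identity: %r" % line)
    rule["identity"] = tokens[i]
    i += 1
    if i + 1 < len(tokens) and tokens[i] == "as":
        rule["target"] = tokens[i + 1]
        i += 2
    if i + 1 < len(tokens) and tokens[i] == "cmd":
        rule["cmd"] = tokens[i + 1]
        i += 2
        if i < len(tokens) and tokens[i] == "args":
            # "args" with nothing after it means: no arguments allowed.
            rule["args"] = tokens[i + 1:]
    return rule


def audit_rule(rule):
    """Return the list of finding codes for one parsed rule."""
    findings = []
    if rule["action"] != "permit":
        return findings
    if rule["cmd"] is None:
        # No cmd clause: the rule covers every command.
        if "nopass" in rule["options"]:
            findings.append("nopass-any-command")
    else:
        if not rule["cmd"].startswith("/"):
            # doas.conf(5): relative names are looked up in a restricted PATH.
            findings.append("relative-cmd-path")
        if rule["args"] is None:
            # No args clause: the caller may pass any arguments.
            findings.append("unrestricted-args")
    if "keepenv" in rule["options"]:
        findings.append("keepenv")
    return findings


def audit_config(text):
    """Return (line number, identity, findings) for every rule with findings."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        findings = audit_rule(rule) if rule else []
        if findings:
            report.append((lineno, rule["identity"], findings))
    return report


if __name__ == "__main__":
    for lineno, identity, findings in audit_config(SAMPLE):
        print("line %d: %s: %s" % (lineno, identity, ", ".join(findings)))
```

On the sample, the netif rule passes cleanly because it names an absolute path and pins its arguments; the ifconfig rule is reported for both the relative name and the open argument list.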
Groups I am member of with id(1) output.
% id vermaden | tr ' ' '\n' | tr ',' '\n'
uid=1000(vermaden)
gid=1000(vermaden)
groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)
Current X11 configuration.
% cat /usr/local/etc/X11/xorg.conf.d/card.conf
Section "Device"
Identifier "Card0"
Option "DPMS"
Driver "intel"
Option "DRI" "3"
Option "AccelMethod" "sna"
Option "TearFree" "true"
EndSection
% cat /usr/local/etc/X11/xorg.conf.d/flags.conf
Section "ServerFlags"
Option "DontZap" "off"
EndSection
% cat /usr/local/etc/X11/xorg.conf.d/keyboard.conf
Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
Option "XkbLayout" "pl"
Option "XkbOptions" "terminate:ctrl_alt_bksp,ctrl:nocaps"
EndSection
% cat /usr/local/etc/X11/xorg.conf.d/touchpad.conf
Section "InputClass"
Identifier "touchpad"
MatchIsTouchpad "on"
Driver "libinput"
Option "Tapping" "on"
Option "NaturalScrolling" "on"
EndSection
I also do not rely on ‘stock’ fan speeds and set my own speeds according to CPU temperature with acpi-thinkpad-fan.sh script.
Desktop Environment
Openbox
As for the ‘desktop environment’ that I use – it’s my custom setup with Openbox along with tools like Tint2 and Dzen2 – for the most basic setup. The screenshot is from FreeBSD 11.1 but it looks exactly the same today.
I described this setup in detail in the entire FreeBSD Desktop series.
XFCE
I have also tried XFCE – I liked it especially with the Global Menu app-menu plugin. You can go this way with this handy XFCE Cupertino Way guide.
GNOME
I also tried GNOME for a test – it did not suit me well so I went back to my Openbox setup – but you may find it more comfortable to use. Here is the FreeBSD GNOME 3 Fast Track article that will help you with that.
Accessories
There are some accessories that are very handy with the ThinkPad W520 laptop. I will describe them below.
Smaller Power Supply
The ThinkPad W520 comes with the quite large brick of the ThinkPad 170W Power Supply. It works. It’s OK … but you can use a smaller one that is more universal at the same time. I use the ThinkPad 135W Power Supply that was originally sold with the ThinkPad W510 – the earlier model. Besides being smaller in size it also has one additional advantage. Its plug is round and also fits into other ThinkPads from this line like the ThinkPad X220 or ThinkPad T420s. The original ThinkPad 170W Power Supply unfortunately only fits into the ThinkPad W520 laptop. Below you can compare their sizes.
Mouse Companion
After checking many mouse models – as described in the UNIX Mouse Shootout article – I finally settled on the Logitech Triathlon M720 mouse. I have plugged the Lenovo USB Receiver into the back ‘powered’ USB port. While I use that mouse over the USB receiver you can also connect it using Bluetooth – also to other computers. This mouse has a special dedicated button to switch between 3 different computers. Unfortunately the copy-paste between them does not work 🙂
If you would like to ‘save’ that port for something else then you may use a special USB board adapter that you place in the Bluetooth module slot under the palm rest. You would lose Bluetooth support then of course – but not everyone uses that. It’s available for example on the Aliexpress site and looks like that.
I do not use it as I do not need the ‘back’ USB port, so below you will find a picture of it mounted in the ThinkPad X220 laptop instead – along with the Lenovo USB Receiver attached.
Two Additional USB 3.0 Ports
The ThinkPad W520 comes with an ExpressCard port, which is not well known today. With this cheap adapter from Aliexpress you can add two additional USB 3.0 ports. You may of course not need that many ports – but if you are left handed then you probably use the mouse on the left of your laptop – then USB ports on the right will be handy.
These USB 3.0 ports may also be useful with some bhyve(8) setups. Currently it’s not supported to pass through just a single USB port to a virtual machine. You need to pass through the entire controller. This way you can pass that controller through to a bhyve(8) VM and still have other USB 3.0 ports on the host.
Larger Custom Battery
The original largest extended battery for the ThinkPad W520 had 9400mAh capacity. It’s possible to get an even larger custom extended battery in the same physical size and shape – with 9600mAh capacity – and for only about $50. To remind you, the original one unfortunately costs closer to $200. I got mine from this Aliexpress page. With my power settings and with this battery, along with enabled WiFi and screen brightness just one step less than maximum, it shows more than 7 hours of time left in the acpiconf(8) command.
% acpiconf -i 0
Design capacity: 10368 mAh
Last full capacity: 10368 mAh
Technology: secondary (rechargeable)
Design voltage: 10800 mV
Capacity (warn): 518 mAh
Capacity (low): 18 mAh
Low/warn granularity: 1 mAh
Warn/full granularity: 1 mAh
Model number: 42T4763
Serial number: 1
Type: LION
OEM info: SANYO
State: discharging
Remaining capacity: 97%
Remaining time: 7:17
Present rate: 1393 mA (17086 mW)
Present voltage: 12266 mV
As you can see from the command above, this custom battery size is even reported as closer to 10400mAh instead of the advertised 9600mAh. I do not know how to check which one is closer to the truth – but the fact is that it allows longer work than the official one – and for a smaller price.
Experience
This laptop along with its smaller and lighter brothers such as the ThinkPad X220 or ThinkPad T420s are the best machines I know to work on FreeBSD … but maybe it’s because I do not use newer laptops 🙂 The general experience of FreeBSD on the ThinkPad W520 is stable and uninterrupted work counted in days and weeks of uptime. The suspend/resume works like a charm with many cycles possible – not just one. I once even recorded such a suspend/resume cycle with many applications and games running on a busy FreeBSD system. It’s available here: FreeBSD 12.2 Suspend/Resume on a Vimeo page.
Here is how it’s being used daily.
Summary
I have been using this laptop for many years and I even laugh that as it’s a decade old – I would use it for the next decade 🙂 Most/all of this configuration applies to other ThinkPad models from this lineup like X220/T420s/T420/T520 … probably even L520 (but I did not test that one).
Thank you for a great article! One thing I struggle to understand is why did you set doas as nopass for yourself? Where’s the benefit of using doas then? This way you can simply set root without password and you will have same security level? Or am I missing something important here?
Thanks.
This is a desktop/laptop. All the most private important files are already accessible by my user. What do you think is more important for me? The system configs (which I have backed up anyway) or my files (also backed up)? 🙂
The root user (and its rights) are needed for things like changing CPU speed or connecting using WiFi or even changing the speed of the system fan. Besides, a strong root password is needed to protect Single User Mode – but I am not sure if the ‘attacker’ would get that far as this laptop is also protected by GELI full disk encryption for everything. Also even if the root password is empty the su(1) command will ask for it anyway – unusable for scripts. It’s also faster and less error prone to type doas ls or sudo ls than su -c ls … at least using my muscle memory 🙂
Also in most organizations that I worked for – if you are properly logged into a system (usually by ssh(1) key) then it’s pointless to require a password again – you are already authenticated – you either have administration rights with sudo(8) or doas(1) or not … or maybe I will put it this way – from all organizations I have worked for only one would not use a combination of sudo(8) and/or doas(1) and would require to switch to root from a regular user using the root password. But they have only several servers (less than 10). I would like to see their approach verified against a farm of 500-1000 servers.
… but I agree that some people may treat security differently and that my attitude may not be the best for all cases.
Hope that helps.
That’s an interesting point of view and I would say why not? I’m a bit paranoid on this topic, I even put daemons into separate jails (like for searx, dnsmasq, etc.). My thinking is that if someone can get root password, it’s easier to install malware. On the other hand, I have quite basic password on doas, so… Probably doesn’t make a difference at all.
Anyway, I noticed one typo: if you want to really skip USB scan on boot, you need to set hw.usb.no_boot_wait to 1, not 0. Thanks a lot for this option, because that was bugging me a lot. First I didn’t know what is CAM and why do I wait for it, after that I learned that it’s basically waiting for my SD card reader, which is always empty…
Thanks for your article.
I’m using Gentoo in Thinkpad X270 and Gigabyte Sabre 15.
Gigabyte Sabre 15
Full compatible hardware including UEFI support.
system + i3 + Bluetooth + Network connected + Nvidia drivers + Vivaldi with 20 tabs opened + Telegram Desktop + Typora = 2GB RAM
X270
Full compatible hardware including UEFI support.
OpenRC + i3 + Bluetooth + Network connected + Vivaldi with 20 tabs opened + Telegram Desktop + Typora = 1.5GB RAM
I tested FreeBSD 13.1, installing all software compiled from FreeBSD ports and I got 700MB RAM used just only with NVIDIA drivers + i3 + Network connected.
Bluetooth and webcam didn’t support
Some years ago, when I was using 9.0-CURRENT, FreeBSD flight too much, the ram is less used. But, I don’t know what happened, now it’s spending a lot of.
Thanks.
ZFS keeps its cache in RAM and also FreeBSD caches a lot in RAM – as per the saying “free memory is wasted memory”. It does not mean that FreeBSD takes your whole RAM just like that – but it just keeps there things that can be useful and it’s currently not needed to free RAM of them. If applications come with a need for that RAM then FreeBSD would discard that cache and give that RAM to applications.
Check the description about various fields like Active/Inact/Wired/Buf/Free from top(1) command:
– https://klarasystems.com/articles/explaining-top1-on-freebsd/
There is also specific FreeBSD behavior about SWAP. FreeBSD sometimes keeps the same memory pages in both RAM and SWAP. That gives FreeBSD an opportunity to have a still quite fast cache (SWAP) when apps need to access these pages when RAM is used for applications – and as RAM is faster than SWAP it gives FreeBSD the opportunity to serve these pages from RAM when there is not much memory pressure from applications. It’s just faster.
More about that here:
– https://klarasystems.com/articles/exploring-swap-on-freebsd/
Regards.
I am very inspired to install FreeBSD 13-RELEASE on my Lenovo ThinkPad. The only thing holding me back was the slow experience I am getting from Windows via VirtualBox. I need a few Windows-only apps (not games, gpu is not important): would you think Windows on Bhyve would offer better performance?
When I tried Windows (7 and 10) under Bhyve it felt faster and more smooth than at VirtualBox. You should definitely try it IMHO.
Another great article.
I have a T420, with 16gb of ram and the i5 cpu it came from. It’s currently running freebsd, and in the past it ran Debian stable. It’s been a great laptop for the 5 or 6 years I’ve had it.
The only thing I would say is that the *20 series maybe isn’t the best for the modern web….or it will work but not as well as even slightly newer hardware. My T430 is much better with the modern web.