This guide will explain how I installed and setup OpenBSD on my Thinkpad T480 with full
disk encryption, and how I improved the slowness I was experiencing out of the box.
ddcommand can be dangerous):
sudo dd bs=4M if=Downloads/openbsd.img of=/dev/sdb conv=fdatasyncNow, reboot your laptop, and press "Enter" on the splash screen and enter your BIOS settings. Navigate to the boot section and select your USB device as your boot device. Save and exit.
sd#that it chooses for you might be different than the
sd1in the guide, and that's okay (for example, I believe
sd1was my USB drive when I did my installation, so the installer defaulted to
sd3, which worked fine). Once you go through that guide, you should already be back at the main installer and have chosen your new device for installation.
em0for now, as that is the ethernet interface which will work out of the box. We will setup wifi later. I also used
dhcpfor the IP address. I chose to install the X Window System and create a user account. For disk partitioning, you can confirm you are installing to the right disk by pressing the '?' key and seeing your list of devices, confirming which one you set as your root partition earlier. Use whole disk GPT Partitioning if you chose GPT earlier when setting up disk encryption.
sd0> a b offset:  size: [xxx] 8G FS type: [swap] sd0*> a partition: [a] offset: [xxx] size: [xxx] FS type: [4.2BSD] mount point: [none] / sd0*> w sd0> qAfter this, you can simply select
httpfor the location of sets, and select a close mirror. Then, you should be done. Just restart to boot into your new OS (make sure to remove your USB drive).
doascommand to work with your normal user makes life a lot easier because you can perform operations with root level privilege. First switch to your root user:
su root. Then, edit the doas conf file:
vi /etc/doas.conf. Put this line in the conf file:
permit :wheel. This will allow users in the wheel group to use the
doascommand (your user should already be in that group). You can now use
doasto run commands requiring root level permissions, like installing packages:
doas pkg_add vim.
doas fw_update. Run the command
ifconfigto see your list of network interfaces. Your wifi interface should be
iwm0, so you should create the following file for this interface:
doas vim /etc/hostname.iwm0. Inside the file, setup your wifi credentials like this (replacing "MyWifiNetwork" and "MyWifiPassword" with their actual values):
nwid MyWifiNetwork wpakey MyWifiPassword dhcpConnect to your wifi network by running:
doas dhclient iwm0. You shoud now have your wifi setup.
doas vim /etc/X11/xorg.confand add the following:
Section "Device" Identifier "Intel Graphics" Driver "intel" EndSection
doas usermod -L staff user doas usermod -G staff user
doas rcctl enable apmd. Then add this line to
apmd_flags=-AThis sets the daemon to "automatic performance adjustment mode."
/etc/login.conffile, and change the "staff" section to this:
# # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=16384M:\ :datasize-max=infinity:\ :maxproc-max=1024:\ :maxproc-cur=1024:\ :stacksize-cur=8M:\ :ignorenologin:\ :[email protected]:\ :tc=default:
/etc/sysctl.conffile and add these lines:
kern.maxproc=32768 kern.maxthread=4096I believe you can also enable hyperthreading in this file (OpenBSD has it disabled by default for security reasons), however, I choose to keep it off.
/etc/fstabfile, and make sure the
softdepflag is added to your root partition. For example:
26bfefb4e47ee753.a / ffs rw,wxallowed,softdep 1 1
~/.xsessionto disable home directory core dumps:
ulimit -Sc 0
swap /home/kevin/.cache mfs rw,nodev,nosuid,-s=300m 0 0