Kevin Thomas Development

Navigation

Installing and setting up OpenBSD on Thinkpad T480 + improving slowness

March 18, 2021

This guide will explain how I installed and setup OpenBSD on my Thinkpad T480 with full disk encryption, and how I improved the slowness I was experiencing out of the box.

My specs:

  • Model: Thinkpad T480
  • CPU: Intel i5-8350U
  • GPU: Intel(R) UHD Graphics 620
  • Memory: 16 Gigabytes
  • Storage: 1TB SATA SSD

Installation

Setting up installation media

Installing OpenBSD with full disk encryption was actually fairly simple. Install the amd64 .img file from the OpenBSD website here: https://www.openbsd.org/faq/faq4.html#Download. Grab a flash drive and format it with the FAT 32 file system (this can be done easily with a graphical tool like GParted). Burn the .img file to the flashdrive with the following command (make sure you are burning to the right device, the dd command can be dangerous): 
sudo dd bs=4M if=Downloads/openbsd.img of=/dev/sdb conv=fdatasync
Now, reboot your laptop, and press "Enter" on the splash screen and enter your BIOS settings. Navigate to the boot section and select your USB device as your boot device. Save and exit.

Full disk encryption

Let's setup full disk encryption. The OpenBSD website has a great guide on this: https://www.openbsd.org/faq/faq14.html#softraidFDE . Following that guide exactly worked great for me. I recommend choosing the GPT option for UEFI booting, as that is how the Thinkpad T480 boots by default. Keep in mind the sd# that it chooses for you might be different than the sd1 in the guide, and that's okay (for example, I believe sd1 was my USB drive when I did my installation, so the installer defaulted to sd3, which worked fine). Once you go through that guide, you should already be back at the main installer and have chosen your new device for installation.

Main installation

The installer is very simple, as almost every prompt has sane default values that you can change if you know you want to. For the network interface selection, you're going to want to select em0 for now, as that is the ethernet interface which will work out of the box. We will setup wifi later. I also used dhcp for the IP address. I chose to install the X Window System and create a user account. For disk partitioning, you can confirm you are installing to the right disk by pressing the '?' key and seeing your list of devices, confirming which one you set as your root partition earlier. Use whole disk GPT Partitioning if you chose GPT earlier when setting up disk encryption.

For the disk layout, you could just use the automatic layout, but I prefer all my directories on the same partition, so I used this custom layout: 
sd0> a b
offset: [128]
size: [xxx] 8G
FS type: [swap]
sd0*> a
partition: [a]
offset: [xxx]
size: [xxx]
FS type: [4.2BSD]
mount point: [none] /
sd0*> w
sd0> q
After this, you can simply select http for the location of sets, and select a close mirror. Then, you should be done. Just restart to boot into your new OS (make sure to remove your USB drive).

Post-installation setup

doas

Getting the doas command to work with your normal user makes life a lot easier because you can perform operations with root level privilege. First switch to your root user: su root. Then, edit the doas conf file: vi /etc/doas.conf. Put this line in the conf file: permit :wheel. This will allow users in the wheel group to use the doas command (your user should already be in that group). You can now use doas to run commands requiring root level permissions, like installing packages: doas pkg_add vim.

Wifi

You probably want to get wifi setup. Install missing firmware with: doas fw_update. Run the command ifconfig to see your list of network interfaces. Your wifi interface should be iwm0, so you should create the following file for this interface: doas vim /etc/hostname.iwm0. Inside the file, setup your wifi credentials like this (replacing "MyWifiNetwork" and "MyWifiPassword" with their actual values): 
nwid MyWifiNetwork wpakey MyWifiPassword
dhcp
Connect to your wifi network by running: doas dhclient iwm0. You shoud now have your wifi setup.

Improving slowness

OpenBSD was basically unusably slow out of the box on my Thinkpad T480. Here are the steps I took to improve its slowness and make it useable for desktop tasks.

Thunderbolt

There seem to be conflicting reports on how Thunderbolt plays an effect on OpenBSD being slow on the T480. u/bioctl on reddit reported that Thunderbolt seemed to be causing an acpi0 interrupt that would slow down their T480, so they disabled it. However, iBSD reports that enabling "Thunderbold BIOS Assist" in the BIOS settings is what fixes the slowness issue (specifically after a shutdown rather than a restart). I believe this is what fixed the issue for me, so the iBSD fix is the one I would recommend trying first.

Use intel driver

By default Xorg was using the modsetting driver which I believe has worse performance than the intel driver. To use the intel driver, create an xorg conf file: doas vim /etc/X11/xorg.conf and add the following: 
Section "Device"
        Identifier "Intel Graphics"
        Driver "intel"
EndSection

Add user to staff group and class

The staff group/class is granted more system performance by default, add your user to it: 
doas usermod -L staff user
doas usermod -G staff user

Enable apmd

Enable the power management daemon: doas rcctl enable apmd. Then add this line to /etc/rc.conf.local: 
apmd_flags=-A
This sets the daemon to "automatic performance adjustment mode."

Edit login.conf

The login.conf file is where resource limits for different classes of users are defined. Since I want my user to not be bottlenecked by these limits, I made adjustments in the "staff" section, increasing resource limits by a lot. Edit your /etc/login.conf file, and change the "staff" section to this: 
#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
	:datasize-cur=16384M:\
	:datasize-max=infinity:\
	:maxproc-max=1024:\
	:maxproc-cur=1024:\
	:stacksize-cur=8M:\
	:ignorenologin:\
	:requirehome@:\
	:tc=default:

Edit sysctl.conf

I increased some resource limits in my sysctl.conf file as well. Make a /etc/sysctl.conf file and add these lines: 
kern.maxproc=32768
kern.maxthread=4096
I believe you can also enable hyperthreading in this file (OpenBSD has it disabled by default for security reasons), however, I choose to keep it off.

Soft Updates

Soft Updates can be enabled to improve performance. Simply edit your /etc/fstab file, and make sure the softdep flag is added to your root partition. For example: 
26bfefb4e47ee753.a / ffs rw,wxallowed,softdep 1 1

ulimit

Add this line to your ~/.xsession to disable home directory core dumps: ulimit -Sc 0

mfs

You can use an mfs filesystem for your cache directory to improve performance. Simply create an entry for it in your /etc/fstab file: 
swap /home/kevin/.cache mfs rw,nodev,nosuid,-s=300m 0 0

Restart your computer

Now, hopefully you see a massive performance gain. You should be able to move windows around without lag, and Firefox should be responsive and useable.