These are my notes from configuring a functional FreeBSD 13/14 (started with 13.1-RELEASE and moved to the stable/14 branch) on my Dell Precision 7550 laptop with a Dell Thunderbolt 3 Dock.
- Install from 14-Beta5 release memstick image worked great with UEFI (Secure Boot disabled), and boot config in BIOS/UEFI setup for AHCI access (NOT Intel Raid) to nvme drives.
- iwl Wi-Fi card from Intel, no issues as long as I don't try to change regulatory domain from defaults. WPA2 authentication worked as I expected, WPA3 is not there yet in the FreeBSD 802.11 stack.
    iwlwifi0@pci0:0:20:3: class=0x028000 rev=0x00 hdr=0x00 vendor=0x8086 device=0x06f0 subvendor=0x8086 subdevice=0x4070
        vendor = 'Intel Corporation'
        device = 'Comet Lake PCH CNVi WiFi'
        class = network
- When cold booting the laptop with the lid closed and plugged into the Dell Thunderbolt dock, USB, ure0 Ethernet, and DisplayPort worked without any additional configuration. Hotplugging did not seem to work, nor did multiple display mode on X11 out of the box.
- Sound and webcam just worked.
- Kernel compile using make -j10 buildkernel in under 300 seconds.
- Latest OpenSSH (9.0) to have latest FIDO2 support patches
- ubt0 Bluetooth started working once I installed the firmware package from pkg(8): iwmbt-firmware
- X11: gnome, gdm, dbus all set up as enabled in rc.conf, with
      proc /proc procfs rw 0 0
  in /etc/fstab to enable gdm/gnome.
- Yubikey: https://gist.github.com/daemonhorn/bdd77a7bc0ff5842e5a31d999b96e1f1
- Latest stable/14 branch
- Power management: (suspend works, resume video does not)
- Disable gnome's auto-suspend on both battery and AC:
      gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0
      gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
- Powerd enabled to manage power states: powerd_enable="YES" in /etc/rc.conf
3. Disable sendmail in /etc/rc.conf: sendmail_enable="NONE" (soon to be deprecated syntax)
4. Install and configure the openntpd package (instead of ISC ntpd):
      service openntpd enable && service openntpd start
   /usr/local/etc/ntpd.conf is the config file, and ntpctl -s all will give status detail.
- Support all of the smartcard methods for both the internal reader and the USB Yubikey
- Internal Broadcom reader ugen1.2: <Broadcom Corp 58200> with OpenPGP ZeitControl card. (https://floss-shop.de)
- USB Yubikey ugen1.5: <Yubico YubiKey OTP+FIDO+CCID>
- Yubikey PKCS11 PIV via pcscd ccid
- Yubikey FIDO/U2F via libfido2 (OpenSSH + WebAuthn)
- OpenPGP card + Yubikey OpenPGP applet via gpg's scdaemon using the modern USB hidraw(4) driver and ~/.gnupg/scdaemon.conf with:
      pcsc-shared
      disable-ccid
- Use the modern usbhid(4) control interface (requires libfido2 1.13+) via /boot/loader.conf:
      hidraw_load="YES"
      hkbd_load="YES"
      hw.usb.usbhid.enable="1"
- Install FIDO/pcscd/PKCS11 runtime dependencies:
      pkg install py39-yubikey-manager yubico-piv-tool pcsc-lite ccid libfido2 OpenSSH-askpass u2f-devd py39-fido2 libu2f-host && \
          service pcscd enable && service pcscd start
- Internal Broadcom reader
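
The loader.conf, pcscd and scdaemon.conf settings listed above can be checked with a small audit script that requires each setting on its own uncommented line. This is an added example, not part of the original notes: the function names are hypothetical, it assumes pcscd_enable lives in /etc/rc.conf, and the sample tree it runs against is constructed.

```shell
#!/bin/sh
# Added example: audit the smartcard settings from these notes.
# Function names are hypothetical; file paths and values are from the notes.

# has_line FILE REGEX: true if FILE has an uncommented line that is exactly
# REGEX (optional trailing comment allowed). One setting per line is required.
has_line() {
    [ -r "$1" ] && grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# audit_smartcard ROOT HOMEDIR: print each missing setting and return the
# number missing (0 = all present). Assumes pcscd_enable is in /etc/rc.conf.
audit_smartcard() {
    root=$1 home=$2 missing=0
    while IFS='|' read -r file re; do
        if ! has_line "$file" "$re"; then
            echo "MISSING in $file: $re"
            missing=$((missing + 1))
        fi
    done <<EOF
$root/boot/loader.conf|hidraw_load="?YES"?
$root/boot/loader.conf|hkbd_load="?YES"?
$root/boot/loader.conf|hw\.usb\.usbhid\.enable="?1"?
$root/etc/rc.conf|pcscd_enable="?YES"?
$home/.gnupg/scdaemon.conf|pcsc-shared
$home/.gnupg/scdaemon.conf|disable-ccid
EOF
    return "$missing"
}

# Constructed sample tree (not a real system). scdaemon.conf has both options
# flattened onto one line, so the audit reports them as missing.
demo=$(mktemp -d)
mkdir -p "$demo/boot" "$demo/etc" "$demo/home/.gnupg"
printf '%s\n' 'hidraw_load="YES"' 'hkbd_load="YES"' \
    'hw.usb.usbhid.enable="1"' > "$demo/boot/loader.conf"
echo 'pcscd_enable="YES"' > "$demo/etc/rc.conf"
echo 'pcsc-shared disable-ccid' > "$demo/home/.gnupg/scdaemon.conf"
audit_smartcard "$demo" "$demo/home" || echo "$? setting(s) missing"
rm -rf "$demo"
```

On a real system, call it as audit_smartcard "" "$HOME" so the paths resolve to /boot/loader.conf, /etc/rc.conf and ~/.gnupg/scdaemon.conf.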