So apparently it’s been 5 years since I last updated this series: https://www.totalnetsolutions.net/2012/12/09/lenovo-t430-running-kubuntu-12-10-for-extreme-battery-life/

i’ve restarted most of these configurations over the past 5 years, especially as I’ve switched away from WWAN to tethering, and from spinning rust to SSD, but a lot of the core concepts remain: about 6 years ago my battery died after 3.5 hours of VM troubleshooting, while on a flight, and I lost some data in the emergency “go to sleep, not hibernate”, which cost me 2 hours of rework in the hotel at midnight. My goal, now, is “be able to work multiple simultaneous tasks, have a VM running, and still get super-long battery life when I need it, but not impact performance noticeably.”

With powertop reporting <5W (14h remaining) power consumption while idle, and <6W (11 hours) with firefox open while I start to write this post in August, 2017, I think I’ve hit the mark reasonably well.

As with the Lenovo T430 in the previous post, everything I care about works right out of the box, but when I first started my custom kernels, I missed a few things that I had to add back in before writing this up.

Hardware


CPU: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz
Memory: 16GB RAM
VGA compatible controller: Intel Corporation HD Graphics 520 (rev 07)
Ethernet controller: Intel Corporation Ethernet Connection I219-LM (rev 21)
Network controller: Intel Corporation Wireless 8260 (rev 3a)

Audio device: Intel Corporation Sunrise Point-LP HD Audio (rev 21)
Bluetooth device: Intel (integrated on the USB)
Synaptics Touchpad and Twiddler Mouse

Jump to main sections with these links:
CPU Configuration
Network Configuration
Video Configuration
Encryption / Security configuration
Battery saving configuration
Custom kernel .config

CPU and Battery


I have a series of posts on my love of getting the most performance and battery life I can from my systems, see the last and first of the series for a bit more, or dig through my twitter on the subject. What’s new this year is the latest i5 Core CPU with Linux 4.4 has a new “pstate” performance governor that’s not actually buggy anymore, if you configure it right. I used to use the acpi_cpufreq governors “ondemand” on AC and “conservative” on battery. But the new pstate drivers apparently perform better (thanks Phoronix) AND scale down for battery savings better, so I needed to switch that. Since I was switching governors, I figured it was time to re-check my 2007 finding that moving from “GENERIC_CPU” to “MCORE2” saved me 30+ minutes alone.

Well, it does. But I didn’t keep the data, sorry. What this means is I once again needed to custom compile a kernel to get the right CPU options, and to get the new pstate driver. Since I was in doing that, and since the 2012 post, I’ve moved away from the default kernel Scheduler to Colin Kalvis’ BFS scheduler, so we get to patch THAT in as well. More on those options down at the custom kernel config section, but the point here is that BFS added some stability to heavy “running multiple VMs, and processing 4GB of raw data in Perl” swapping problems I was having, even with 16GB RAM, as well as not hurting my battery life, with a high possibility of 10-20 minutes extra life on normal operations.

The battery in the system is designed at 8157000 mWh, and after 6 months is down to 6621000 mWh. The “amount of time running” is based on the past 2 months, not day 1 of receiving the laptop.

Lastly, I’m still using cpufreqd, but the configuration is vastly simplified – pstate “powersave” when my AC is not plugged in, or the battery’s below 70%, and pstate “performance” otherwise. Ubuntu fixed the broken cpufreqd daemon sometime in 2014, so I’m back to the distribution default version of that, yay!

My custom cpufreqd.conf.

Network


I stopped using my jumbo frames script from here in Kubuntu 16.10, because apparently NetworkManager can figure that out on its own, and it’s been relatively successful. My wireless adapter connects to the new Netgear T6400 at near gigabit speed, but the R6400 doesn’t support jumbo frames itself, so I’m segmenting off some new VLANs to break the Jumbo Frames hosts from the wireless / nonintelligent hosts. That’ll mean resurrecting my jumbo frames script to instead set the VLAN Tag when I’m home.h

Sound


Sound has always been a joke for Linux users, but the Intel HD-Audio has been really solid for me for several years, especially with pulseaudio actually being relatively stable for me. When I recieved the laptop, I was having a problem where full-duplex audio was causing what appeared to be a storm of interrupts that hung the entire laptop. But about 2 months of debugging resulted in “I built a new kernel, and now it works fine.” I don’t know if it was a bug in the codec in the kernel, or something that silently patched. How I have Bluetooth audio headset, bluetooth headset for online conference calls, and appropriate switching for apps and reminders (reminders / alerts go to speakers and bluetooth in my config, in case I take the headphones off), with the options int he PulseAudio configuration in KDE. I have no “.asoundrc” or /etc/asound or /etc/pulse or ~/.pulse/client.conf anymore either, which is great!

Video


For the first time in years, I do not have a multi-graphics card system to deal with. The i915 driver works out of the box and is unremarkable, but functional. And great for battery life. But boring to discuss.

Encryption and Security

Encryption

During installation, I chose the option to use an encrypted LVM volume. This uses DM-Crypt to encrypt the full HDD, so that it has to be unlocked at boot time. The Kubuntu installer seems to forget this fact, so it also asks you to set up ecryptfs private home directories, which is NOT neccessary for a single-user laptop, since the whole OS is already encrypted. The only oddity with dm-crypt is that sometimes the splash screen prompt to unlock the computer doesn’t show. Originally, if I just wait for disk activity to disappear, and have a blank screen, I can just type the passphrase, and it’ll still unlock successfully. But I instead made a change to /etc/default/grub:


GRUB_CMDLINE_LINUX_DEFAULT="noquiet nosplash"

And now I don’t get the splash screen, and the prompt comes up properly right away. And I get all the hacker-y looking boot errors from systemd.

Security

Because this laptop has some sensitive work information on it, I wanted to get a bit more paranoid with the “unattended on a conference table” and “connected to a public wifi network” situations, especially since I actually have OpenSSH listening on all interfaces (yes, I ssh into my laptop from my phone more often than you do). I purchased a multi-protocol Yubikey and downloaded and installed the Yubikey PAM module for Challenge-Response, with the instructions on their website, here. Combined with Active Directory authentication, my cached user can only log in if the Yubikey is inserted into the laptop. So when I step away in meetings, the laptop locks, and my password can’t be cracked.

For additional security, I enrolled the root account on my laptop into my Password vault which rotates the root password every 14 days with a 50+-character random passcode, so even an attacker getting physical access once it’s booted (decrypted) will have little chance of breaking into the box even when I have the yubikey in place.

Additional Power Savings


I still run laptop-mode tools to cut down on power utilization from non-CPU peripherals. I could get more by having the ethernet port actually turn off when on battery, but I actually use it on battery quite a lot, so I’m not sure the hassle of re-enabling it is worth the battery savings. Here are the configurations I use:
intel-hda-powersave
intel-sata-powermgmt
intel_pstate
laptop-mode
runtime-pm
wireless-iwl-power
cpuhotplug
bluetooth
battery-level-polling
ethernet

What I’m now getting is 5-7W of power utilization while online with firefox and chrome both running, bluetooth running, and no VMs. Booting my Windows VM in VMware Workstation bumps me up to 15-20W, but I’m still getting 5 hours of battery life with no features disabled AND running a full Windows VM (the Windows VM has battery detection disabled, too). My non-VM battery life is reporting in the 9-11 hour range, but I’ve never had to use it that long to worry.

Kernel Config


I use the Ubuntu Kernel sources, mostly because the laptop tells me when there’s new Kernel sources with security fixes. I’m using BFS as my scheduler, which is fantastic when I get into “3 VMs using 12GB RAM and a reporting job wanting another 6GB” swap death. I have enough keyboard control to kill the reporting job, then shut down the VMs, and try the reporting job again. Before BFS, I either waited 6 hours, or rebooted the whole damn laptop.
BFS patches are here. If that doesn’t make sense, don’t use them. Please.
My custom kernel .config is here.

Building

The build system I use is the same as in 2012:

sudo apt-get install fakeroot build-dep linux-image-`uname -r`
sudo apt-get install linux-source
sudo usermod -a -G src YOUR_USERNAME

Now log out and back in, so that you’re a member of the “src” group.

cd /usr/src
sudo chown -R $USER:src .
tar -jxf ./linux-source-4.4.0/linux-source-4.4.0.tar.bz2
ln -s linux-source-4.4.0 linux
cd linux
wget http://www.totalnetsolutions.net/wp-content/uploads/2012/12/rob-config-20121204c.txt
mv rob-config-20121204c.txt .config
make oldconfig
make menuconfig

Make any changes you want in here, then exit and save

make-kpkg --initrd --rootcmd fakeroot --append-to-version=.20170912a kernel_image kernel_headers

You’ll get 2 DEB files in /usr/src that you can then install and boot to. the “append-to-version” I use as a dating system for my kernels. “20170912a” means the 2nd kernel attempt on September 12, 2017, the day I’m writing this post (first attempts get no letter).