I’ve done a bug report officially too, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248945
/boot/loader.conf
hw.x2apic_enable=0
kern.cam.ada.write_cache=0
/etc/rc.conf
(only relevant values)
...
dbus_enable=YES
hald_enable=YES
moused_type=auto
moused_enable=YES
sddm_enable=YES
...
/etc/sysctl.conf
security.bsd.see_other_uids=0
kern.geom.debugflags=16
hardening.pax.aslr.status=2
hardening.procfs_harden=1
hardening.pax.segvguard.status=1
hardening.pax.mprotect.status=1
hardening.pax.pageexec.status=1
vfs.usermount=1
net.inet.ip.random_id=1
net.inet6.ip6.use_deprecated=0
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
security.bsd.see_other_gids=0
security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
security.bsd.stack_guard_page=1
security.bsd.unprivileged_proc_debug=0
security.bsd.unprivileged_read_msgbuf=0
net.local.stream.recvspace=65536
net.local.stream.sendspace=65536
kern.msgbuf_show_timestamp=1