HardenedArray/Encrypted Arch with Bcache Support Installation Procedure

## Encrypted Arch with Bcache Support Installation Procedure

    # OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems with full Bcache SSD/HDD support
    # and boot from UEFI.

    # RATIONALE:  As most users realize, you have to pay for marginal speed improvements in all circuits which compute.
    # This holds true for CPUs, GPUs, DRAM, SRAM, Drives, including memory cards and USB sticks.  If you want speed, you
    # must be willing to pay the price premium that a faster device commands versus a slower alternative.

    # SSDs are incredibly fast, but expensive to produce, and therefore, only offer limited storage space.
    # HDDs, by comparison, are ridiculously slow, but offer immense storage space per dollar expended.
    # Despite the higher $/GiB storage cost, many power users have opted to swap out their old primary system HDDs
    # in favor of (usually) smaller SSDs.  These SSD users now have far faster booting, and significantly more responsive,
    # systems, but at the cost of (typically) far less available storage access.

    # Bcache is a superb tool which allows users to leverage the incredible read and write speeds of SSDs while still being able
    # to access their inexpensive and large HDD storage, quickly, concurrently and seamlessly, on the same running Arch system.

    # REQUIREMENTS:  You should have a modern SSD installed and correctly recognized as your primary system drive, whether you
    # run a laptop or a desktop workstation.  Your system must also be able to recognize another connected HDD.  The faster that
    # HDD connection, the better.  For example, a 2.5" HDD residing in a SATA 3 HDD caddy is preferred over a HDD connected
    # via an external USB 3.0 HDD enclosure.  However, noting we prefer speed, either should work for bcache installation.

    # Obviously you need free, zeroed-out space on both drives available prior to installation.

    # WARNING:  As expected, the Bcache ArchWiki provides excellent bcache management examples.  Do NOT implement ANY of
    # them during this installation procedure.  Only follow the steps here and accept all the defaults during installation.
    # The time to test and optimize bcache speeds comes much later, as in, definitely not now!

    # Bcache must be correctly installed, along with a clean Arch Linux installation, if you expect bcache to work.  Many of
    # of the existing bcache guides I found on the Net are either deplorable, deprecated or lack key, required, steps.
    # Worse, almost none of the purported bcache 'guides' address the vitally important topic of full system encryption.

    # This guide provides the correct steps.

    # Note:  This method supports both dedicated Arch bcache installs and those who wish to install Arch bcache on a
    # multi-OS-UEFI booting system.

    # External USB HDD/SSD Installers Notes:  Encrypted Arch installs can be booted and run from an external USB HDD
    # or SSD, but only when the installation is correctly set up.  There are several necessary changes to my standard
    # procedure you'll want to make during the install process.  Read my External USB HDD/SSD Installation section
    # below before proceeding.

    # VirtualBox Installers Notes:  Bcache is designed to be installed to and run on bare-metal, physical SSD/HDD drives.
    # If you only want to learn or practice installing encrypted Arch Linux, VBox is a good place to start.
    # I have written a separate guide dedicated to the specifics of achieving an encrypted Arch Linux VirtualBox installation.

    # That being said, I have tested, and it IS possible to install bcache within a VBox UEFI-installation using a 'virtual' SSD
    # device for /dev/sda -C (caching) and a physical USB stick for /dev/sdb -B (backing).  If you know your way around VBox,
    # the VBox-specific modifications required to complete this installation procedure should be obvious.  Others interested in
    # bcache VBox installation procedure will have to wait until I have the requisite time to publish that process.

    # My Arch Linux (non-bcache-enabled) VirtualBox Guest installation guide is available at:

    https://gist.github.com/HardenedArray/d5b70681eca1d4e7cfb88df32cc4c7e6

    # For those interested, open a new terminal at tty2 using ctrl-alt-f2, then use elinks to search for 'HardenedArray Gists'

    # The official Arch installation guide contains details that you should refer to during this installation process.
    # That guide resides at:  https://wiki.archlinux.org/index.php/Installation_Guide

    # Download the archlinux-*.iso image from https://www.archlinux.org/download/ and its GnuPG signature.
    # Use gpg --verify to ensure your archlinux-*.iso is exactly what the Arch developers intended.  For example:

    $ gpg -v archlinux-2019.11.01-x86_64.iso.sig
    gpg: WARNING: no command supplied.  Trying to guess what you mean ...
    gpg: assuming signed data in 'archlinux-2019.11.01-x86_64.iso'
    gpg: Signature made Fri Nov  1 16:34:35 2019 UTC
    gpg:                using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
    gpg: using pgp trust model
    gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC
    gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048


    # Burn the archlinux-*.iso  to a 1+ Gb USB stick.  On linux, do something like:

    dd bs=4M if=archlinux-*.iso of=/dev/sdX status=progress oflag=sync

    # If running Windows, use Rufus to burn the archlinux-*.iso to your USB stick in 'DD' mode.
    # Also, if you are running BitLocker to encrypt your Windows system, read my BitLocker notes below, before proceeding.

    # UEFI-Boot from your USB stick. If your USB stick fails to boot, ensure that Secure Boot is disabled in your
    # UEFI configuration.

    # Set your keymap only if not you are not using the default English language.

    # It is typically wiser to be hard wired to the Net during installation. However, Arch supports WiFi-only installs.  Also
    # note that in mid-2020 the Arch devs deprecrated the use of `wifi-menu`.  The current installation images support `iwd`,
    # which provides `iwctl`.  Carefully note that `iwd` will NOT be installed on your new system.  If you will require WiFi
    # access following reboot, we install `iwd` in the pacstrap command and then enable it after we enter arch-chroot, below.

    # Connect to WiFi using:

    iwctl

    # then to connect to your WiFi station; do something like:

    station <wlan device name> connect <wifi-station-name tab-auto-complete>

    # then enter your wifi station's passphrase

    # It is possible to access this guide from within your Arch installation environment using the built-in elinks text browser.
    # For those interested, open a new terminal at tty2 using ctrl-alt-f2, then use elinks to search for 'HardenedArray Gists'
    # which should return the URLs of my Arch installation guides, for example:

    https://gist.github.com/HardenedArray/2c3e8c16e0710d02383b7b66785436b3

    # You can then return to your installation terminal using ctrl-alt-f1.

    # Create and size partitions appropriate to your goals using gdisk.
    # Carefully Note:  Multi-OS booters who have an existing EFI partition on their drive should NOT create a
    # new EFI partition.  Instead, we will append Arch as another OS to your existing EFI partition.
    # See my Multi-OS-Booting Notes, below.

    # This example supports a laptop bcache Arch installation using a 500 Gb SSD (/dev/sda) and a 2 Tb HDD (/dev/sdb) using a
    # SATA 3 HDD drive caddy. Your device capacities and partition assignments and partition numbers may vary.

    # The important things to remember are:  your SSD is your caching device and your HDD is your backing device.
    # We want our encrypted / and swap and our /boot and /boot/efi to ALL reside on our SSD, so we can boot quickly
    # and run all programs utilizing our SSD's much lower latency, i.e. significantly faster read and write access times.

    # Create ONLY the partitions you need.  Do NOT create filesystems now, this step comes later:

    gdisk /dev/sda  ## Again, this is my SSD.  Vary your partition numbers, as required.

    Partition 6 = 100 MiB EFI partition # Hex code EF00 # Do NOT create a new /boot/efi, if one exists.  Append, instead!
    Partition 7 = 250 MiB Boot partition # Hex code 8300
    Partition 8 = 20 GiB / and swap partition # Hex code 8300

    # 20 GiB is sufficient for a complete DE, bcache-enabled Arch installation.  Choose a reasonable
    # size for your encrypted root and swap system partition, or just size it to the last sector of your SSD.

    # Review your partitions with 'p'.
    # Write your gdisk changes with 'w'.
    # Reboot, if necessary, so the kernel reads your new partition structure.

    # Then for: gdisk /dev/sdb

    # Create a large, HDD single partition, sized to your liking.  This backing device partition size will define your final
    # bcache system size.  Think about it, prior to proceeding.

    Partition 3 = 700+ GiB, # Hex code 8300 is aqequate.  Choose a reasonable size for your encrypted backing partition.

    # Save your changes.

    # All data written to your soon to be created /dev/bcache0 will also be encrpted by LUKS/dm-crypt.

    # Reboot, if necessary, so the kernel reads your new partition structure.

    # If you are like me, and demand that your installation will be cryptographically secure, do NOT skip these steps!
    # I strongly recommend you zero-out each of of your new partitions prior to creating filesystems on them.
    # Obviously, multi-OS booters should NEVER zero-out an existing EFI partition.  You can either use the Arch installer's
    # ddrescue or, if you don't mind not having a progress indicator, it's more efficient to run:

    cat /dev/zero > /dev/sdXY followed by
    cat /dev/zero > /dev/sdXZ, and so on

    # Using the partitioning examples above, you would do:

    cat /dev/zero > /dev/sda6
    cat /dev/zero > /dev/sda7
    cat /dev/zero > /dev/sda8
    cat /dev/zero > /dev/sdb3

    # Run from within the Arch installation environment, run, as root:

    mount -o remount,size=8G /run/archiso/cowspace

    pacman -Syu base-devel git --ignore linux

    # Create a new User:

    useradd -m -G wheel -s /bin/bash user

    # then:

    passwd user

    # then, since we will require sudo for vital future steps, do:

    EDITOR=nano visudo

    # and add:

    user ALL=(ALL) ALL

    # under User privilege specification.  Save the /etc/sudoers.tmp file.

    # Use ctrl-alt-f3, and login as 'user'

    # Build and install bcache-tools from AUR:

    git clone https://aur.archlinux.org/bcache-tools.git

    cd bcache-tools/

    makepkg -sri

    # Switch back to the installation environment, as root (ctrl-alt-f1)

    # Create, link and register your bcache devices.  Again, maintaining consistency with the above provided examples:

    make-bcache -B /dev/sdb3 -C /dev/sda8

    # This creates a new device, /dev/bcache0, which is the bcache device we will be encrypting and installing Arch on.

    # Create filesystems for /boot/efi and /boot.  I recommend using btrfs on all SSDs and HDDs running bcache.

    # Again, maintaining consistency with the examples above:

    mkfs.vfat -F 32 /dev/sda6
    mkfs.btrfs /dev/sda7

    # Encrypt and open your system partition

    cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/bcache0

    cryptsetup luksOpen /dev/bcache0 BcacheRocks # (or use any word or phrase you're fond of)

    # Create encrypted LVM partitions

    # These steps create a required root partition and an optional partition for swap.
    # Note that using a swap file with BTRFS is a very poor idea.  Swap partitions are not controlled by BTRFS
    # so they work fine.  Read the BTRFS ArchWiki before proceeding.
    # Also note that BTRFS fully supports, detects, and properly configures settings for all modern SSDs, which is
    # the drive type almost everyone should be running when installing ArchLinux!
    # HDDs are only useful for infrequently accessed data, and for storing your SSD's critical directories as
    # encrypted backups.

    # Modify this structure only if you need additional, separate partitions.  The sizes used below are only suggestions.
    # The VG and LV labels 'MyBcache, root and swap' can be changed to anything memorable to you.
    # Use your labels consistently, below!

    pvcreate /dev/mapper/BcacheRocks
    vgcreate MyBcache /dev/mapper/BcacheRocks
    lvcreate -L 512M MyBcache -n swap
    lvcreate -l 100%FREE MyBcache -n root

    # Create filesystems on your encrypted partitions

    mkswap /dev/mapper/MyBcache-swap
    mkfs.btrfs /dev/mapper/MyBcache-root

    # Mount the new system, using the prior examples:

    mount /dev/mapper/MyBcache-root /mnt
    swapon /dev/mapper/MyBcache-swap
    mkdir /mnt/boot
    mount /dev/sda7 /mnt/boot
    mkdir /mnt/boot/efi
    mount /dev/sd6 /mnt/boot/efi

    # Optional - Edit the Mirrorlist To Optimize Package Download Speeds

    nano /etc/pacman.d/mirrorlist

    # Copy one or two mirrors near your physical location to the top of the mirrorlist.

    # Install your Arch system

    # If you read the contents of https://www.archlinux.org/ you would know the Arch developers made significant
    # changes to the 'base' package in October 2019.

    # The new base-metapackage does not contain a kernel nor an editor and several other important packages.
    # We will be addressing those issues in our pacstrap command below.


    # This installation command provides a decent set of basic system programs which will also support WiFi through
    # iwd's `iwctl` after initially booting into your Arch system.  Having WiFi following installation is particularly
    # critical for anyone running a modern ultrabook, as most are equipped with WiFi-only access to the Net.  Recommended, yet
    # optional:  make and enjoy some fresh java while the following command completes.  Once completed, you'll only
    # be a few minutes away from putting your new system to serious work!

    pacstrap /mnt base base-devel grub efibootmgr dialog wpa_supplicant linux linux-headers dkms nano
    dhcpcd iwd lvm2 linux-firmware man-pages

    # Create and review FSTAB

    genfstab -U /mnt >> /mnt/etc/fstab  # The -U option pulls in all the correct UUIDs for your mounted filesystems.

    cat /mnt/etc/fstab  # Check your fstab carefully, and modify it, if required.

    # Enter the encrypted, bcache-mounted new system:

    arch-chroot /mnt /bin/bash

    # Switch back to your previously created user account using ctrl-alt-f3

    # From bcache-tools/ run:

    sudo cp bcache-tools-1.0.8-2-x86_64.pkg.tar.xz /mnt

    # Switch back into chroot using ctrl-alt-f1, then run these commands to install bcache-tools on your new system:

    cd /

    pacman -U bcache-tools-1.0.8-2-x86_64.pkg.tar.xz

    # Now run:

    bcache-super-show /dev/sda8

    # and:

    bcache-super-show /dev/sdb3

    # Verify the 'cset.uuid' strings match for both the SSD and HDD partitions.  If so, you are golden, and the remainder of
    # the Arch Linux system installation process is quite standard.  Pay careful attention to the mkinitcpio section, below.

    # If the cset.uuid strings do not match, bcache will not work.  Start over, and do it correctly.
    # This procedure, when followed with precision, works!

    # NinjaTip:  'lsblk' should now make perfect sense.  If so, give yourself a pat on the back.
    # Your linux-fu is getting stronger!

    # Set the system clock

    ln -s /usr/share/zoneinfo/UTC /etc/localtime  # This will harmlessly fail if your system's CMOS clock is already set to UTC.
    hwclock --systohc --utc

    # If you require WiFi following reboot, enable iwd:

    systemctl enable iwd

    # Assign your hostname

    echo MyHostName > /etc/hostname

    # Set or update your locale

    # If English is your native language, you need to edit exactly two lines to correctly configure your locale
    # language settings:

    a. In /etc/locale.gen **uncomment only**: en_US.UTF-8 UTF-8
    b. In /etc/locale.conf, you should **only** have this line: LANG=en_US.UTF-8

    # Now run:

    locale-gen

    # Set your root password

    passwd

    # Create a system User, assign appropriate Group membership, and set a User password.  'Wheel' is just one important Group

    useradd -m -G wheel -s /bin/bash MyUserName  # YES, you can use the identical 'user' name and passwd you used in pre-chroot

    passwd MyUserName

    # Configure mkinitcpio with the correct HOOKS required for your bcache-enabled initrd image

    nano /etc/mkinitcpio.conf

    # Add bcache to MODULES:

    MODULES=(bcache)

    # Use this HOOKS statement, with NO changes to the HOOKS order, for bcache and encryption initramfs support:

    HOOKS="base udev autodetect modconf block bcache encrypt lvm2 keymap resume filesystems keyboard fsck"

    # If you are using mdadm RAID for your backing device, append 'mdadm_udev' to the HOOKS statement above, then
    # update your /etc/mdadm.conf.

    # Note that recent ArchLinux installation images have shipped with a new version of /etc/mkinitcpio.conf.  The
    # only difference is that the new version uses '(' and ')' instead of the previous double quotation marks: ' " " '.
    # Therefore, the current HOOKS statement should be:

    HOOKS=(base udev autodetect modconf block bcache encrypt lvm2 keymap resume filesystems keyboard fsck)

    # You do not need or want 'resume' in your HOOKS statement if you are not using swap.

    # Generate your initrd image

    mkinitcpio -p linux

    # Install and configure Grub-EFI

    # The correct way to install grub on an UEFI computer, irrespective of your use of a HDD or SSD, and whether you are
    # installing dedicated Arch, or multi-OS booting, is:

    grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchBcache

    # Edit /etc/default/grub so it includes a statement like this:

    # GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdYZ:MyDevMapperMountpoint resume=/dev/mapper/MyVolGroupName-MyLVSwapName"

    # Maintaining consistency with the examples provided above, you would use something like:

    GRUB_CMDLINE_LINUX="cryptdevice=/dev/bcache0:BcacheRocks resume=/dev/mapper/MyBcache-swap"

    # If you are not using swap, eliminate the 'resume' statement above.

    # I have also noticed that recent releases of grub2 now offer this new option within /etc/default/grub:

    # Uncomment to enable booting from LUKS encrypted devices
    # GRUB_ENABLE_CRYPTODISK=y

    # Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted ArchLinux system.

    # Generate Your Final Grub Configuration:

    grub-mkconfig -o /boot/grub/grub.cfg

    # Exit Your New Bcache Arch System

    exit

    # Unmount all partitions

    umount -R /mnt
    swapoff -a

    # Reboot and Enjoy Your Bcache Enabled Encrypted Arch Linux System!

    reboot

    # After you are satisfied that your Arch system is running well, if you are like most people not running an Arch server,
    # you'll want a Desktop Environment so you can begin using your new system productively.  See my:  'Installing a
    # Plasma-KDE Desktop Post Arch Install' section below for some ideas and an efficient DE installation process.

    __________________________


    If you ever get dropped to the EFI Shell prompt when powering up Arch Linux, which I most often notice within
    VirtualBox when running Arch Linux as UEFI-enabled Guest System, do the following:

    At the Shell prompt, type the following entries, as indicated (also remember we used --bootloader-id=ArchLinux, above):

    Shell> fs0:
    fs0:> \EFI\ArchLinux\grubx64.efi

    Hit Enter and now you should see your graphical grub Arch Linux menu.  Note my atypical use of backslashes.

    To prevent being dropped to the EFI Shell prompt in the future, enter your Arch Linux system, become root, and do:

    # nano /boot/efi/startup.nsh

    In your startup.nsh file, add these two lines:

    fs0:
    \EFI\ArchLinux\grubx64.efi

    Save and exit nano.  To test that you will no longer be dropped to the EFI Shell prompt, poweroff, not reboot,
    and fire up your Arch Linux system again.

    If you simply cannot bear the agony of the EFI Shell's five second wait prior to its loading of startup.nsh, hit any key,
    except for 'esc', and you should be immediately directed to your (hopefully, beautifully configured) grub graphical
    Arch Linux boot screen.

    This solution also works when you have installed Arch Linux as an UEFI-enabled Guest system within VirtualBox.

    __________________________


    External USB HDD/SSD Encrypted Arch Installation:

    Almost all of my standard Arch install procedure can be followed without modification when installing Arch to an
    external device.

    However, if you already have an encrypted Arch installation on a system HDD/SSD, you must ensure the names assigned to your
    PV, VG and LVs are different than whatever you used on your system drive's Arch installation.  Failure to use
    different names will cause major udev and therefore, /dev/mapper, assignment problems for you, especially when you
    try to mount your multiple encrypted Arch drives!

    Additionally, we don't want to instruct grub to use standard device names as these are very likely to change when
    using an external USB drive.  For example, our external SSD may be assigned /dev/sdc by udev during installation,
    but when we try to initially boot from it, udev may assign that external SSD to /dev/sdb, resulting in an
    unbootable system.

    The solution is to use PARTUUID, as opposed to a standard device name, in the cryptdevice statement in /etc/default/grub.

    Therefore, instead of using this example from above:

    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:MyPVdeviceName resume=/dev/mapper/Arch-swap"

    Run 'blkid' as root, and find the correct PARTUUID for your external device's encrypted partition.

    N.B.:  PARTUUIDs are completely unrelated to UUIDs.

    Substitute the correct PARTUUID for the standard device name.

    You should end up with a statement that looks similar to this:

    GRUB_CMDLINE_LINUX="cryptdevice=PARTUUID=4d2aed94-92d4-7b5e-b8df-81d7554495cf4:ArchUSBSSD resume=/dev/mapper/ArchSSD-swap"

    Now regardless of the device name assigned by udev to your external drive, the kernel will be able to find the
    correct cryptdevice.

    All other parts of my installation procedure should be followed without modification.

    __________________________


    Multi-OS-Booting Notes:

    I UEFI boot and run more than five operating systems from my SSD.
    All of my OSes UEFI boot from my single, 100 MiB, EFI partition.
    All of my OSes have encrypted root and swap, utilizing my SSD's native hardware-based AES-256-bit encryption support
    with BitLocker or Linux's software-based LUKS on LVM encryption to secure my data, when at rest.
    My Arch Linux install is just another encrypted Linux OS installation that happens to reside on my SSD.

    If you multi-boot, ensure you mount Arch's /boot/efi at your existing ESP partition.
    If you installed Windows 10 first, your EFI partition is likely to be /dev/sda2.

    In all cases, /boot, /boot/efi, and '/' partitions, at a minimum, are required to be mounted during Arch installation.

    As an example, an EFI-addicted, multi-OS booter might be doing something like:

    mount /dev/mapper/Arch-root /mnt
    swapon /dev/mapper/Arch-swap
    mkdir /mnt/boot
    mount /dev/sda17 /mnt/boot
    mkdir /mnt/boot/efi
    mount /dev/sda2 /mnt/boot/efi

    In this example, the user is likely to be using /dev/sda18 as the physical drive partition where their encrypted
    Arch root and swap filesystems will reside.  Note the user's re-use of their existing EFI partition which resides
    at /dev/sda2.

    Adapt, as necessary, for your drive's partition structure.

    Following successful Arch system installation, the path to your Arch-EFI boot file should be:

    /boot/efi/EFI/ArchLinux/grubx64.efi

    When you are multi-OS booting correctly, you should have one directory per operating system, each residing at:

    /boot/efi/EFI/

    __________________________


    BitLocker Users on Windows Notes:

    If you are running hardware-based BitLocker encryption on Windows, I recommend you Turn Off BitLocker encryption prior to
    installing Arch, or any other operating system.

    As I don't use software-based BitLocker, I cannot say whether leaving it enabled during Arch installation will cause
    problems.  Obviously, if you experience issues, you could turn BitLocker off temporarily.

    You can tell if you are using AES-256 bit hardware-based BitLocker encryption when you run from within PowerShell,
    as an Administrator:

    PS C:\WINDOWS\system32> manage-bde -status

    You see this line:
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2

    Also note that hardware-based BitLocker can either encrypt, or decrypt, a multi-hundred GiB drive in less than 3 seconds.
    You can re-enable BitLocker after your new encrypted Arch system is UEFI booting correctly and running smoothly.

    __________________________


    Installing a Plasma-KDE Desktop Post Arch Install

    After you have rebooted into your new Arch system, and are satisfied that every aspect of your system is running correctly,
    if you're like most people not running an Arch server, you will likely want to install a desktop so you can utilize your
    new Arch system productively.

    Your choice of desktop environment is entirely up to you.  Personally, I have tried them all.  It is my opinion that if
    you are running a modern, reasonably powered PC or laptop you are doing yourself a significant disservice by running any
    of the 'lightweight desktops.'  I also think the Gnome DE is best suited for children, or unskilled users.  Keep in mind
    that you can install multiple desktops, and then choose which one to fire up at each login, but that is beyond the scope
    of this guide.

    I prefer the Plasma5-KDE environment over all the others.  If you would like to efficiently install a full
    Plasma5-KDE environment, do the following, in this order:

    # Log in as root, and not as a user

    # Fully update your Arch system:

    pacman -Syu  # If a new kernel becomes available and is now installed, reboot, before proceeding.

    # If you don't have network connectivity in your Arch system, run:

    systemctl start dhcpcd <ethernet or wlan interface name> or if WiFi only, run:

    wifi-menu

    # Now that you have an updated system, do:

    pacman -S linux-headers

    pacman -S dkms  # This will automatically rebuild your kernel modules as new upstream kernels are released.

    pacman -S xorg  #  This will install a mandatory X server.

    pacman -S xorg-apps

    reboot

    __________________________


    # Log in as root, and not as a user, and do:

    pacman -S plasma-meta  # This large package set will also provide us with sddm, the recommended Plasma5 login manager.

    systemctl enable sddm

    systemctl enable NetworkManager  # After your next reboot you will have full, correct, networking support from boot.

    pacman -S kde-applications-meta

    pacman -S xdg-user-dirs

    # If you want full (English) spelling support for all of your applications, do:

    pacman -S hunspell-en_US hyphen-en libmythes mythes-en aspell-en

    # Everyone has their own font preferences, but I agree with Arch's initial ttf-font recommendations because
    # they look great!:

    pacman -S ttf-dejavu ttf-liberation

    reboot

    __________________________


    # Log in to sddm's GUI as your user

    # Your first stop is System Settings.  Tweak 'all the things' into full compliance with 'your way.'

    # Go ROCK your fully enabled Plasma DE, and your properly encrypted Arch Linux system!!!