diff --git a/contestops/configure-machines.sh b/contestops/configure-machines.sh
index 6e2f61e..bdcc91f 100755
--- a/contestops/configure-machines.sh
+++ b/contestops/configure-machines.sh
@@ -14,7 +14,7 @@ parallel-ssh -x "-F local.ssh_config" -h hostlist systemctl reload nftables.serv
 # Uncomment these lines if machines have 4K displays. This scales display to 2x.
 # parallel-scp -x "-F local.ssh_config" -h hostlist ./set-display-scale.py /usr/local/bin/set-display-scale.py
-# parallel-ssh -x "-F local.ssh_config" -h hostlist 'DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u contestant)/bus" runuser -u contestant -- python3 /usr/local/bin/set-display-scale.py'
+# parallel-ssh -x "-F local.ssh_config" -h hostlist runcontestant python3 /usr/local/bin/set-display-scale.py
 # Configure contest lock screen.
 parallel-scp -x "-F local.ssh_config" -h hostlist ./contest-lock.json /etc/contest-lock.json
diff --git a/contestops/readme.md b/contestops/readme.md
index d0a392b..2b7e3e5 100644
--- a/contestops/readme.md
+++ b/contestops/readme.md
@@ -168,14 +168,39 @@ rsync -e "ssh -F local.ssh_config" -av --chown contestant:contestant backups/con Stop the periodic backup command with Ctrl+C. Rename the `backups` folder to e.g. `backups-day1`. -You can shut down all machines. +Machines should be rebooted from USB stick between contests (e.g. between practice and actual contest) to ensure all data is erased. +There is a script which helps with this: It sets the color scheme to dark as a visual marker for not yet rebooted machines, and then shows a question dialog. +You can then insert a boot USB stick and press Enter, and the machine will reboot. + +``` +parallel-ssh -x "-F local.ssh_config" -h hostlist "nohup reboot-interactive > /dev/null 2> /dev/null &" +``` + +If the machines don't boot from USB stick by default, you can run the following command beforehand to make them boot from USB stick. +This is especially useful when the boot menu is password protected, because then you don't need to enter the password again. +This command sets the EFI BootNext setting to the current boot option. +The BootNext setting only applies for the next boot, and is then deleted by the EFI, so you have to run the command again before rebooting again. +This should also work when you power off the machines and turn them back on later (e.g. on the next day). + +``` +parallel-ssh -x "-F local.ssh_config" -h hostlist 'efibootmgr --bootnext $(efibootmgr | grep -xE "BootCurrent: [0-9a-fA-F]{4}" | cut "-d " -f2)' +``` + +An alternative to setting BootNext is to reboot using kexec. +This is a partial reboot which does not go through EFI, so it is faster, but less reliable. +For example, in my testing it only works once; the second time the screen stays blank. +You can try improving the reliability, but otherwise I would avoid this method. 
+ ``` +parallel-ssh -x "-F local.ssh_config" -h hostlist 'kexec --kexec-file-syscall --load /vmlinuz --initrd=/initrd.img --append="$(cat /proc/cmdline)"' +``` + +When the event is over, you can shut down all machines: ``` parallel-ssh -x "-F local.ssh_config" -h hostlist poweroff ``` -Machines should be shut down and booted again from USB stick between contests (e.g. between practice and actual contest) to ensure all data is erased. - ## Contest lock screen The contest lock screen is a gnome extension which can lock the screen and show a countdown until the contest starts.
diff --git a/os/layers/contestant/includes.chroot/usr/local/bin/reboot-interactive b/os/layers/contestant/includes.chroot/usr/local/bin/reboot-interactive
index 0afb060..825bc5e 100755
--- a/os/layers/contestant/includes.chroot/usr/local/bin/reboot-interactive
+++ b/os/layers/contestant/includes.chroot/usr/local/bin/reboot-interactive
@@ -2,15 +2,11 @@ set -eu
-# Reboot with kexec.
-# This has the advantage that we don't need to go through the system boot menu,
-# which is especially useful when the boot menu is password protected.
-# However, we currently can't preserve the squashfs in RAM across kexec,
-# so the boot USB stick needs to be plugged in before rebooting.
+# Set dark color scheme, as a way to mark machines which have not been rebooted
+# yet. This should make it less likely to forget to reboot some machines.
+runcontestant gsettings set org.gnome.desktop.interface color-scheme prefer-dark
-kexec --kexec-file-syscall --load /vmlinuz --initrd=/initrd.img --append="$(cat /proc/cmdline)"
-
-if XDG_RUNTIME_DIR="/run/user/$(id -u contestant)" runuser -u contestant -- zenity --question --title="Reboot?" --text="Press Enter after inserting the boot USB stick."
+if runcontestant zenity --question --title="Reboot?" --text="Press Enter after inserting the boot USB stick."
 then
 reboot
 fi
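Review bot: Under the script's `set -eu`, a non-zero exit from the added `runcontestant gsettings set …` line ends the script before the zenity prompt is ever shown. That machine then has neither the dark marker nor the reboot dialog, so it looks the same as one that was already rebooted and its data may silently survive into the next contest. Since the colour scheme is only a visual aid, the step should be best-effort: `runcontestant gsettings set org.gnome.desktop.interface color-scheme prefer-dark || true`. The readme invocation discards stdout and stderr, so such a failure is also invisible to the operator. The script's first line lies outside this hunk.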
diff --git a/os/layers/contestant/includes.chroot/usr/local/bin/runcontestant b/os/layers/contestant/includes.chroot/usr/local/bin/runcontestant
new file mode 100755
index 0000000..8bf2f86
--- /dev/null
+++ b/os/layers/contestant/includes.chroot/usr/local/bin/runcontestant
@@ -0,0 +1,7 @@
+#!/bin/bash
+# This script allows running a command as the contestant user, with environment
+# variables for that user. This allows e.g. running graphical commands.
+set -o allexport
+XDG_RUNTIME_DIR="/run/user/$(id -u contestant)"
+eval "$(runuser -u contestant -- systemctl --user show-environment)"
+exec /usr/sbin/runuser -u contestant -- "$@"
diff --git a/os/layers/contestant/package-lists/contestant.list.chroot b/os/layers/contestant/package-lists/contestant.list.chroot
index a64b790..4e82fcf 100644
--- a/os/layers/contestant/package-lists/contestant.list.chroot
+++ b/os/layers/contestant/package-lists/contestant.list.chroot
@@ -8,5 +8,8 @@ nftables
 # Reboot with kexec
 kexec-tools
+# Reboot with BootNext
+efibootmgr
+
 # For importing client certificate
 libnss3-tools
diff --git a/os/layers/live/hooks/live/2005-live.hook.chroot b/os/layers/live/hooks/live/2005-live.hook.chroot
index 6e1f34b..fa875a7 100644
--- a/os/layers/live/hooks/live/2005-live.hook.chroot
+++ b/os/layers/live/hooks/live/2005-live.hook.chroot
@@ -5,6 +5,8 @@ set -eu
 # Enable the live system configuration script at boot.
 systemctl enable live-config.service
+systemctl enable detect-swap.service
+
 # Disable automatic apt update.
 systemctl disable apt-daily.timer
 systemctl disable apt-daily-upgrade.timer
diff --git a/os/layers/live/includes.chroot/usr/local/bin/detect-swap b/os/layers/live/includes.chroot/usr/local/bin/detect-swap
old mode 100644
new mode 100755
diff --git a/os/layers/training-installer/includes.installer/preseed.cfg b/os/layers/training-installer/includes.installer/preseed.cfg
index c0f2bd8..6095c9e 100644
--- a/os/layers/training-installer/includes.installer/preseed.cfg
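Review bot: In the new `runcontestant`, the line `eval "$(runuser -u contestant -- systemctl --user show-environment)"` runs in the calling shell (presumably root, since `runuser` needs it) with `allexport` on. Every variable held by the contestant's user manager, which the contestant can change, is therefore exported into the privileged process before `/usr/sbin/runuser` is exec'd. Loader-affecting variables such as `LD_PRELOAD` or `LD_LIBRARY_PATH` would then be honoured by that root-owned process, crossing the contestant-to-root boundary even if the output's quoting is sound. I would import the environment only after privileges are dropped, e.g. `exec /usr/sbin/runuser -u contestant -- /bin/bash -c 'set -o allexport; XDG_RUNTIME_DIR="/run/user/$(id -u)"; eval "$(systemctl --user show-environment)"; exec "$@"' bash "$@"`, or copy just an allow-list (`DISPLAY`, `WAYLAND_DISPLAY`, `XAUTHORITY`, `DBUS_SESSION_BUS_ADDRESS`). A `set -eu` at the top would also stop the script when `id -u contestant` fails, instead of continuing with `XDG_RUNTIME_DIR=/run/user/`.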
+++ b/os/layers/training-installer/includes.installer/preseed.cfg
@@ -19,6 +19,7 @@ d-i passwd/user-password-crypted password @install_admin_password@
 d-i partman-auto/method string regular
 d-i partman-auto/init_automatically_partition select some_device
 d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/cap-ram string false
 d-i partman/choose_partition select finish
 d-i apt-setup/use_mirror boolean false