# Auto-Reboot

> [!toc] Table of Contents
>
> <!-- toc -->

Because all encrypted devices store their encryption keys in their RAM after you first
entered the device password during the start up, bad actors could try to read your
encryption keys out of the RAM, even when your device is just screen locked.

> [!technical] What is RAM?
>
> In very short, the RAM is a very fast memory device, that has one important feature
> for us: it loses all data, when the power is turned off!

Because of this, we want to automatically turn off our devices to clear our encryption
keys from the RAM.

Automatic reboot can be configured on all PC platforms and some Android devices.
Instructions for the native functions of the various platforms are provided below. No
additional programs need to be installed.

## PC

### Linux

On Linux, you can use `crontab` for automatic jobs such as auto reboot. For example, to
set the PC to restart every morning at 4 a.m.:

- Open Terminal _(`Command Line`)_
- Enter this command in the terminal: `sudo crontab -e`

An editor will now open _(or you will need to select one, TIP: select `nano`)_

- Paste the following line at the bottom: `0 4   *   *   *    /sbin/shutdown -r`
  - To do this, copy the line above
  - Go back to the command line in the editor
  - `Right-click > Paste`
  - First press `Control` + `S` for “safe”
    - then press `Control`+`X` for “exit”
  - Done

> [!technical] Explanation of the <em>cron</em> command
>
> `0 4   *   *   *    /sbin/shutdown -r`
>
> From left to right:
>
> - zero minutes
> - fourth hour
> - \*th day of the month
> - \*th month
> - \*th day of the week
> - Execute the terminal command `/sbin/shutdown -r`
>
> The asterisks mean “all possible values.” This means that the complete line reads:
>
> Execute the command `/sbin/shutdown -r` **every month** on **every day** at **hour 4**
> at **minute 0**.
>
> The `-r` at the end of `/sbin/shutdown -r` stands for `reboot`. If you simply omit
> this `-r`, the PC will not restart automatically, but will simply remain off.

#### Additional settings when using suspend mode

Especially on laptops suspend mode is used often when people close the lid. This leads
to the situation where the above cronjob is not sufficient, because it does not work
while in suspend. This leads to the system being vulnerable to attacks. Therefore we
need to introduce another automated action to ensure the device will shut down securely.
This is done by waking up the system from suspend 5 minutes before it shall be shut down
by using the Linux module _(`systemd`)_

- Open Terminal _(`Command Line`)_
- Enter this command in the terminal:
  `sudo nano /etc/systemd/system/set-wakealarm.service`
- Past the following content into the file:

```sh
[Unit]
Description=Daily wake up from suspend

[Service]
Type=oneshot
ExecStart=/bin/bash -c "/usr/sbin/rtcwake -a -m no -t $(date -d 'tomorrow 03:55' +%%s)"
[Install]
WantedBy=multi-user.target
```

> [!technical] Explanation of the <em>systemd</em> job
>
> `[Unit]` just contains the description
>
> `[Service]` contains the job which shall be executed in which mode.
>
> `Type=oneshot` means it will be executed once
>
> `ExecStart` is the command which shall be executed.
>
> `/bin/bash -c` just tells systemd to run a new bash console and execute the command in
> `"..."`
>
> `/usr/sbin/rtcwake` will execute the programm rtcwake which will set a wake up alarm
> in the devices hardware timer
>
> `-a` uses automatic clock detection
>
> `-m no` tells the programm to not do any direct action, only set the RTC wakeup time.
>
> `-t $(date -d 'tomorrow 03:55' +%%s)` is a complicated way of setting the wakeup time
> to 3:55

- After that, the following two commands will advise systemd to directly make use of the
  new wakeup command

```sh
sudo systemctl daemon-reload
sudo systemctl enable set-wakealarm.service
```

- To test if everything is setup correctly this command can be used:
  `sudo systemctl start set-wakealarm.service`
- In case the command finishes without any output, it's set up correctly.
- After that, you can check if the wakeup time was set correctly in the devices hardware
  timer: `cat /proc/driver/rtc` There you should see the following values:

```sh
[...]
alrm_time : 02:55:01 (Attention, this is UTC, which might have an offset to your local timezone)
alrm_date : <date of the next day>
alarm_IRQ : yes
[...]
```

- It is highly recommended to test if this works the next couple of nights. So put your
  device in suspend in the evening and check if it is shut down the next morning. With
  `journalctl --list-boots` you can check when your PC was running, which includes times
  in suspend mode.

### MacOS

- Click on the `Apple logo` in the menu bar.
- `System Preferences`
- `Energy Saver`
- `Schedule`

![MacOS Energy Saver](https://esc-it.org/assets/articles/en/instructions/auto-reboot/mac-energy_saver.png)

The top checkbox can be used to specify when the PC should be restarted when it is
turned off. We are not interested in this. We want to automatically turn off the PC to
clear the RAM.

- So we select the bottom checkbox
- `Every day`
- Choosing the reboot time is up to you, but we would recommend a time at night (e.g., 2
  a.m.), as this is when we usually do not use the computer. Additionally, house
  searches are often conducted in the morning, so rebooting our computer beforehand
  makes sense.

### Windows

We can use the `Task Scheduler` to shut down the computer, restart it, or perform any
action once or at regular intervals.

If you prefer to follow a video tutorial, there is also
[YouTube video](https://youtu.be/GTms7YODF9g) on this topic.

- Enter `taskschd.msc` in the Start search and open Task Scheduler.
- In the right-hand bar, click on `Create basic task`
  - Give the task a name, e.g. `Auto Reboot`
  - `Execute whether the user is logged on or not`
- Go to the next tab and select `Triggers`
  - `Daily`
  - Set the restart time _(e.g. 2 a.m.)_.
  - Start date and start time: Select the current time _i.e. valid from now_
- `OK` and go to the next tab `Action`. Here, select `Start a program`
  - Now enter `shutdown` in the `Program/script` field
  - Now enter `/r /f` in the `Add arguments` field
  - The `\r` stands for `reboot`. If you only enter `/f` there, the PC will not restart
    automatically, but will simply remain off.
- `Next` and go to the next tab `Conditions`
- Make sure that under the “Power” section:
  - the top two checkboxes are unchecked, i.e. off
  - and the last one, “Wake the computer to run this program,” is checked.
- Click `Next` to check everything and then click “Finish.”
- Finally, you will probably have to enter your password.

## Mobile devices

### Android

An automatic restart can also be set on common Android devices.
[GrapheneOS](https://wiki.aktivismus.org/recommendations/graphene-os.md#exploit-protection) even offers the
option to restart the device whenever it has been unlocked for X hours.

A restart at a fixed time can be set as follows:

- `Settings`
- `Utilities`
- `Scheduled power on and off`

Here you can now specify when the device should always shut down and when it should
restart.

### iOS

Unfortunately, iOS does not currently offer a function for scheduled restarts.