diff --git a/static/features.html b/static/features.html
index 28daaa6b..23bd782a 100644
--- a/static/features.html
+++ b/static/features.html
@@ -387,6 +387,15 @@
released retains data indefinitely until the memory is handed
out for other uses and gets partially or fully overwritten by
new data.
+
In early boot, all the memory not being used by the OS is
+ zeroed to get rid of any data leftover from a previous boot in
+ case zero-on-free didn't have the opportunity to clear it as
+ part of a clean reboot/shutdown. All the devices we support have
+ a reset attack protection feature we proposed zeroing memory for
+ firmware-based boot modes, but we need to finish it up by adding
+ it for the OS boot modes ourselves. Fully encrypted RAM with a
+ per-boot key cycled on reboots will eventually obsolete these
+ features for newer devices.
Kernel stack allocations are zeroed to make most
uninitialized data usage vulnerabilities harmless.
Assorted attack surface reduction through disabling