Cold Boot is hard to implement, and can be mitigated by putting the 16kb of key memory on the L2/L3 cache or some other piece of memory that instantly clears on power off.

With FDE and memory encryption, how else can you get pass this?