diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks
index 0a17c3e..58eec10 100644
--- a/kickstart/veilor-os.ks
+++ b/kickstart/veilor-os.ks
@@ -48,7 +48,10 @@ rootpw --lock
 user --name=admin --groups=wheel --gecos="veilor admin" --password="" --plaintext
 
 # ── Bootloader: kernel hardening flags ──
-bootloader --location=mbr --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none"
+# Note: init_on_alloc/init_on_free removed from default live cmdline —
+# they zero every memory page at boot which 5x'd KVM live boot time.
+# Re-enable per-install via veilor-firstboot.service for production.
+bootloader --location=mbr --append="lockdown=integrity slab_nomerge randomize_kstack_offset=on vsyscall=none"
 
 # ── Live ISO partitioning (flat — for live rootfs build only) ──
 # NOTE: This is the *live* image kickstart. Final installed system uses