Glossary
Boot ROM
The first code that runs on power-on. Mask-programmed at silicon manufacture, immutable, and the cryptographic root of the entire boot chain.
Boot ROM is the very first code that runs when an Apple Silicon SoC powers on. It's literal ROM — mask-programmed at silicon manufacture, unpatchable in the field. Even Apple can't update it once a chip is in the customer's hands.
What Boot ROM does:
- Initialize the bare minimum hardware needed to read flash storage.
- Load LLB (Low-Level Bootloader) from the SoC's NOR flash.
- Verify LLB's cryptographic signature against an Apple public key hash fused into the SEP at silicon manufacture.
- If valid: jump to LLB.
- If invalid: enter DFU (Device Firmware Update) mode, exposing a USB-C interface for restoration from a connected Mac.
Boot ROM is the cryptographic anchor of the entire system. Every signed thing that runs after it (LLB, iBoot, kernelcache, kernel, every userspace process, every notarized app) chains back to keys ultimately verified by Boot ROM.
This is why Apple Silicon security is rooted in silicon. The trust chain extends:
your binary
↑ signed by
Developer ID CA
↑ signed by
Apple Root CA (in macOS install)
↑ verified by
sealed system volume seal
↑ verified by
kernelcache signature
↑ verified by
iBoot signature
↑ verified by
LLB signature
↑ verified by
Boot ROM (fused public-key hash at the SEP)
See also: iBoot, Secure Enclave, and the Boot ROM and Secure Boot article.