Boot process for iPhone and iPad devices
Each step of the startup process contains components that are cryptographically signed by Apple to enable integrity checking so that boot proceeds only after verifying the chain of trust. These components include the bootloaders, the kernel, kernel extensions, and cellular baseband firmware. This secure boot chain is designed to verify that the lowest levels of software aren’t tampered with.
When an iPhone and iPad device is turned on, its Application Processor immediately executes code from read-only memory referred to as Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication and is implicitly trusted. The Boot ROM code contains the Apple Root certificate authority (CA) public key—used to verify that the iBoot bootloader is signed by Apple before allowing it to load. This is the first step in the chain of trust, in which each step checks that the next is signed by Apple. When the iBoot finishes its tasks, it verifies and runs the iOS or iPadOS kernel. For devices with an A9 or earlier A-series processor, an additional Low-Level Bootloader (LLB) stage is loaded and verified by the Boot ROM and in turn loads and verifies iBoot.
A failure to load or verify following stages is handled differently depending on the hardware:
Boot ROM can’t load LLB (older devices): Device Firmware Upgrade (DFU) mode
LLB or iBoot: Recovery mode
In either case, the device must be connected to the Finder (macOS 10.15 or later) or iTunes (in macOS 10.14 or earlier) through USB and restored to factory default settings.
The Boot Progress Register (BPR) is used by the Secure Enclave to limit access to user data in different modes and is updated before entering the following modes:
DFU mode: Set by Boot ROM on devices with an Apple A12 or later SoCs
Recovery mode: Set by iBoot on devices with Apple A10, S2, or later SoCs
On devices with cellular access, a cellular baseband subsystem performs additional secure booting using signed software and keys verified by the baseband processor.
The Secure Enclave also performs a secure boot that checks its software (sepOS) is verified and signed by Apple.