The boot ROM is a type of

ROM Rom, or ROM may refer to: Biomechanics and medicine * Risk of mortality, a medical classification to estimate the likelihood of death for a patient * Rupture of membranes, a term used during pregnancy to describe a rupture of the amniotic sac * ...

that is used for

booting In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...

a computer system. There are two types: a

mask A mask is an object normally worn on the face, typically for protection, disguise, performance, or entertainment and often they have been employed for rituals and rights. Masks have been used since antiquity for both ceremonial and practic ...

boot ROM that cannot be changed afterwards and a boot

EEPROM EEPROM (also called E2PROM) stands for electrically erasable programmable read-only memory and is a type of non-volatile memory used in computers, usually integrated in microcontrollers such as smart cards and remote keyless systems, or as a ...

, which can contain an

UEFI UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...

implementation.

Purpose

Upon power up, hardware usually starts uninitialized. To continue booting, the system may need to read a

bootloader A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer. When a computer is turned off, its softwareincluding operating systems, application code, an ...

from some peripheral device. It is often easier to implement routines for reading from external storage devices in software than in hardware. A boot ROM provides a place to store this initial loading code, at a fixed location immediately available to the processor when execution starts.

Operation

The boot ROM is mapped into memory at a fixed location, and the processor is designed to start executing from this location after reset. Usually, it is placed on the same die as the CPU, but it can also be an external

chip, as is common in older systems. The boot ROM will then initialize the hardware busses and peripherals needed to boot. In some cases the boot ROM is capable of initializing

RAM Ram, ram, or RAM may refer to: Animals * A male sheep * Ram cichlid, a freshwater tropical fish People * Ram (given name) * Ram (surname) * Ram (director) (Ramsubramaniam), an Indian Tamil film director * RAM (musician) (born 1974), Dutch * ...

, and in other cases it is up to the

to do that. At the end of the hardware initialization, the boot ROM will try to load a

from external peripheral(s) (like an eMMC, a microSD card, and so on) or through specific protocol(s) on a bus for data transmission (like USB, UART, etc). In many systems on a chip, the peripherals or buses from which the boot ROM tries to load the

, and the order in which they are loaded, can be configured. This configuration can be done by blowing some electronic fuses inside the

system on a chip A system on a chip or system-on-chip (SoC ; pl. ''SoCs'' ) is an integrated circuit that integrates most or all components of a computer or other electronic system. These components almost always include a central processing unit (CPU), memory ...

to encode that information, or by having specific pins of the

high or low at boot. Some boot ROMs are capable of checking the

digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created b ...

of the

and will refuse to run the bootloader and stop the boot if the signature is not valid or has not been signed with an authorized key. With some boot ROMs the hash of the public key needed to verify the signatures is encoded in electronic fuses inside the

. Some

boot ROMs also support a

Public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilit ...

and the hash of the

certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This ...

(CA) public key is encoded in the electronic fuses instead, and the boot ROM will then be able to check if the

is signed by an authorized key by verifying that key with the CA public key (whose hash is encoded in the electronic fuses).. That feature can then be used to implement security features or used as a hardware root of trust in a

Chain of trust In computer security, a chain of trust is established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while still ...

, but once configured, users are denied the freedom to replace the

with the one they want. Because of this the feature has raised strong concerns from the free software community. Just before jumping to the

, some systems on a chip also remove the boot ROM from the memory mapping, while others do not, making it possible to dump the boot ROM from later analysis. If the boot ROM is still visible, bootloaders can also call the code of the boot ROM (which is sometimes documented).

Suspend to RAM

When a

enters suspend to RAM mode, in many cases, the processor is completely off while the RAM is put in self refresh mode. At resume, the boot ROM is executed again and many boot ROMs are able to detect that the

was in suspend to RAM and can resume by jumping directly to the

kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learnin ...

which then takes care of powering on again the peripherals which were off and restoring the state that the computer was in before.

Specific implementations

Allwinner

On many Allwinner

System on a chip A system on a chip or system-on-chip (SoC ; pl. ''SoCs'' ) is an integrated circuit that integrates most or all components of a computer or other electronic system. These components almost always include a central processing unit (CPU), memory ...

(A10, A20, A64), the boot ROM either waits for a

to be loaded through USB (if a specific PIN is high) or tries to boot on several peripherals in a fixed order. Some Allwinner systems on a chip can verify the signature of the booloaders. But most devices being manufactured are not configured for that. This has enabled

free and open-source software Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

to add support for many Allwinner systems on a chip and devices using them in

bootloaders A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer. When a computer is turned off, its softwareincluding operating systems, application code, an ...

U-Boot U-boats were naval submarines operated by Germany, particularly in the First and Second World Wars. Although at times they were efficient fleet weapons against enemy naval warships, they were most effectively used in an economic warfare role ...

Apple

iOS iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes ...

devices, the boot ROM is called "SecureROM". It is a stripped down version of

iBoot iBoot is the stage 2 bootloader for all Apple products. It replaces the old bootloader, BootX. Compared with its predecessor, iBoot improves authentication performed in the boot chain. For x86 macOS, the boot process starts by running code stor ...

. It provides a Device Firmware Upgrade (DFU) mechanism, which can be activated using a special key combination.

NXP

The boot ROM of NXP systems on a chip support configuring the peripherals through specific pins of the system on a chip. On the I.MX6 family it also supports configuring the boot order through

efuses In computing, an eFuse (electronic fuse) is a microscopic fuse (electrical), fuse put into a integrated circuit, computer chip. This technology was invented by IBM in 2004 to allow for the dynamic real-time reprogramming of chips. In the abstract, ...

. The boot ROM of several NXP systems on a chip have many ways to load the first stage

(from eMMC, microSD, USB, etc). Several NXP systems on a chip can be configured to verify the signature of the bootloaders. Many devices with such

were sold without that verification configured and on those devices users can install the

they want, including several

Das U-Boot Das U-Boot (subtitled "the Universal Boot Loader" and often shortened to U-Boot; see ''History'' for more about the name) is an open-source, primary boot loader used in embedded devices to package the instructions to boot the device's operating ...

and

Barebox Barebox is a primary boot loader used in embedded devices. It is free software under the GPL-2.0-only license. It is available for a number of different computer architectures, including ARM, x86, MIPS and RISC-V. History The Barebox project ...

Texas Instruments

The boot ROM of several Texas Instruments systems on a chip support configuring the peripherals through specific pins of the system on a chip. The boot ROM of several Texas Instruments systems on a chip have many ways to load the first stage

(which is called MLO in the systems on a chip reference manuals): * It can be loaded from various storage devices (MMC/SD/eMMC, NAND, etc). * With MMC/SD/eMMC, it can be loaded directly from card sectors (called RAW mode in the manual) or from a FAT12/16/32 partition. * It can also be loaded from USB or UART. On the OMAP36xx

, the boot ROM looks for the first stage

at the sectors 0x0 and 0x20000 (128KB), and on the AM3358

, it additionally looks at 0x40000 (256KiB) and 0x60000 (384KiB). In both cases its maximum size is 128KiB. This is because the (first stage)

is loaded in an SRAM that is inside the

. The OMAP and AM335x systems on a chip can be configured to verify the signature of the booloaders. Many devices with such

were sold without verification configured and on those devices users can install the

they want, including several

and

Coreboot coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...

and

STMicro STM32

STMicro

STM32 STM32 is a family of 32-bit microcontroller integrated circuits by STMicroelectronics. The STM32 chips are grouped into related series that are based around the same 32-bit ARM architecture, ARM processor core, such as the ARM Cortex-M#Cortex ...

family

microcontroller A microcontroller (MCU for ''microcontroller unit'', often also MC, UC, or μC) is a small computer on a single VLSI integrated circuit (IC) chip. A microcontroller contains one or more CPUs (processor cores) along with memory and programmable i ...

s have built-in on-chip ROM (also referred as "built-in bootloader") to facilitate empty system flashing. Certain pin combinations or sometimes efuses and/or empty flash checks force the chip to boot from ROM instead of the firmware in main flash. This allows empty chips to be flashed without resorting to hardware programming interfaces. Technically this ROM is stored in a dedicated area of the flash array and programmed by STMicro during production. Most STM32 microcontrollers can at least be flashed over UART, some support USB and eventually other interfaces like e.g.

I2C I, or i, is the ninth letter and the third vowel letter of the Latin alphabet, used in the modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is ''i'' (pronounced ), plural ...

, SPI, or CAN. The

Cortex-M The ARM Cortex-M is a group of 32-bit RISC ARM processor cores licensed by Arm Holdings. These cores are optimized for low-cost and energy-efficient integrated circuits, which have been embedded in tens of billions of consumer devices. Thou ...

CPU core normally fetches vectors from the well-known addresses 0x00000000 (initial

stack pointer In computer science, a call stack is a stack data structure that stores information about the active subroutines of a computer program. This kind of stack is also known as an execution stack, program stack, control stack, run-time stack, or mach ...

value) and 0x00000004 (initial

program counter The program counter (PC), commonly called the instruction pointer (IP) in Intel x86 and Itanium microprocessors, and sometimes called the instruction address register (IAR), the instruction counter, or just part of the instruction sequencer, is ...

value). However pins and/or fuses define which memory is mapped at these addresses. Built-in boot ROM is one of the mapping options, another would typically be main firmware in flash. In this case, firmware is supposed to do all the jobs boot ROMs do; part of the firmware could act as a bootloader similar to ST's boot ROM. Hardware could provide read-only enforcement on the boot area, turning it into a user-provided version of boot ROM.

Known vulnerabilities and exploits

Apple

On devices running

, boot ROM exploits (like Limera1n and checkm8) are sometimes used for iOS jailbreaking. The advantage for people wanting to jailbreak their devices over exploits that affect

is that since the boot ROM cannot be modified—and that devices running

do not have fuses to append code to the boot ROM, Apple cannot fix the vulnerability on existing devices.

Nvidia Tegra

The boot ROM of the

Tegra Tegra is a system on a chip (SoC) series developed by Nvidia for mobile devices such as smartphones, personal digital assistants, and mobile Internet devices. The Tegra integrates an ARM architecture central processing unit (CPU), graphics proc ...

SoC of

Nvidia Nvidia CorporationOfficially written as NVIDIA and stylized in its logo as VIDIA with the lowercase "n" the same height as the uppercase "VIDIA"; formerly stylized as VIDIA with a large italicized lowercase "n" on products from the mid 1990s to ...

(used by the

Nintendo Switch The is a hybrid video game console developed by Nintendo and released worldwide in most regions on March 3, 2017. The console itself is a Tablet computer#Gaming tablet, tablet that can either be docking station, docked for use as a home video ...

) contained a vulnerability which made it possible for users to run the

they want.

References

{{Firmware and booting Computer memory Firmware

Purpose

Operation

Suspend to RAM

Specific implementations

Allwinner

Apple

NXP

Texas Instruments

STMicro STM32

Known vulnerabilities and exploits

Apple

Nvidia Tegra

See also

References