Boot ROM is a piece of

read-only memory Read-only memory (ROM) is a type of non-volatile memory used in computers and other electronic devices. Data stored in ROM cannot be electronically modified after the manufacture of the memory device. Read-only memory is useful for storing sof ...

(ROM) that is used for

booting In computing, booting is the process of starting a computer as initiated via Computer hardware, hardware such as a physical button on the computer or by a software command. After it is switched on, a computer's central processing unit (CPU) h ...

a computer system. It contains instructions that are run after the CPU is reset to the reset vector, and it typically loads a

bootloader A bootloader, also spelled as boot loader or called bootstrap loader, is a computer program that is responsible for booting a computer and booting an operating system. If it also provides an interactive menu with multiple boot choices then it's o ...

. There are two types of boot ROM: a mask boot ROM that cannot be changed afterwards, and a writable boot ROM such as an

EEPROM EEPROM or E2PROM (electrically erasable programmable read-only memory) is a type of non-volatile memory. It is used in computers, usually integrated in microcontrollers such as smart cards and remote keyless systems, or as a separate chip d ...

or a

flash memory Flash memory is an Integrated circuit, electronic Non-volatile memory, non-volatile computer memory storage medium that can be electrically erased and reprogrammed. The two main types of flash memory, NOR flash and NAND flash, are named for t ...

chip.

Purpose

Upon power up, hardware usually starts uninitialized. To continue booting, the system may need to read a bootloader from some

peripheral device A peripheral device, or simply peripheral, is an auxiliary hardware device that a computer uses to transfer information externally. A peripheral is a hardware component that is accessible to and controlled by a computer but is not a core compo ...

. It is often easier to implement routines for reading from external storage devices in software than in hardware. A boot ROM provides a place to store this initial loading code, at a fixed location immediately available to the processor when execution starts.

Operation

The boot ROM is mapped into memory at a fixed location, and the processor is designed to start executing from this location after reset, according to the processor's reset vector. The boot ROM is either placed on the same die as the CPU or is an external

ROM Rom, or ROM may refer to: Biomechanics and medicine * Risk of mortality, a medical classification to estimate the likelihood of death for a patient * Rupture of membranes, a term used during pregnancy to describe a rupture of the amniotic sac * ...

chip. On modern systems, the boot ROM (whether integrated into CPU or external ROM chip) usually uses NOR flash, which supports execute in place. The boot ROM will then initialize the hardware busses and peripherals needed to boot. In some cases, the boot ROM is capable of initializing

RAM Ram, ram, or RAM most commonly refers to: * A male sheep * Random-access memory, computer memory * Ram Trucks, US, since 2009 ** List of vehicles named Dodge Ram, trucks and vans ** Ram Pickup, produced by Ram Trucks Ram, ram, or RAM may also ref ...

, and in other cases it is up to the

to do that. At the end of the hardware initialization, the boot ROM will try to load a bootloader from external peripheral(s) (such as a

hard disk drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating hard disk drive platter, pla ...

solid-state drive A solid-state drive (SSD) is a type of solid-state storage device that uses integrated circuits to store data persistently. It is sometimes called semiconductor storage device, solid-state device, or solid-state disk. SSDs rely on non- ...

, an eMMC or eUFS card, a

microSD Secure Digital (SD) is a proprietary hardware, proprietary, non-volatile memory, non-volatile, flash memory card format developed by the SD Association (SDA). Owing to their compact size, SD cards have been widely adopted in a variety of port ...

card, an external EEPROM, and so on) or through specific protocol(s) on a communications port (such as a

serial port A serial port is a serial communication Interface (computing), interface through which information transfers in or out sequentially one bit at a time. This is in contrast to a parallel port, which communicates multiple bits simultaneously in Pa ...

Ethernet Ethernet ( ) is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

, etc.). In many systems on a chip (SoC), the peripherals or buses from which the boot ROM tries to load the bootloader, and the order in which they are loaded, can be configured. This configuration can be done by blowing some electronic fuses inside the system on a chip to encode that information, or by having specific pins or jumpers of the system on a chip high or low. Some boot ROMs are capable of checking the digital signature of the bootloader and will refuse to run the bootloader and stop the boot if the signature is not valid or has not been signed with an authorized key. With some boot ROMs, the

hash Hash, hashes, hash mark, or hashing may refer to: Substances * Hash (food), a coarse mixture of ingredients, often based on minced meat * Hash (stew), a pork and onion-based gravy found in South Carolina * Hash, a nickname for hashish, a canna ...

of the public key needed to verify the signatures is encoded in electronic fuses inside the SoC. Some systems on a chip boot ROMs also support a

public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...

and the hash of the

certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...

(CA) public key is encoded in the electronic fuses instead, and the boot ROM will then be able to check if the bootloader is signed by an authorized key by verifying that key with the CA public key (whose hash is encoded in the electronic fuses). That feature can then be used to implement security features or used as a hardware

root of trust In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived. In the X.509 architecture, a root certificate would be the trust anchor from which the whole chain of ...

in a

chain of trust In computer security, a chain of trust is established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while sti ...

, but once configured, users are denied the freedom to replace the bootloader with the one they want without the use of boot ROM exploits. Because of this, the feature has raised strong concerns from the free software community. Just before jumping to the bootloader, some systems on a chip also remove the boot ROM from the memory mapping, while others do not, making it possible to dump the boot ROM for later

analysis Analysis (: analyses) is the process of breaking a complex topic or substance into smaller parts in order to gain a better understanding of it. The technique has been applied in the study of mathematics and logic since before Aristotle (38 ...

. If the boot ROM is still accessible, bootloaders can also call the code of the boot ROM (which is sometimes documented).

Suspend to RAM

When a

system on a chip A system on a chip (SoC) is an integrated circuit that combines most or all key components of a computer or Electronics, electronic system onto a single microchip. Typically, an SoC includes a central processing unit (CPU) with computer memory, ...

(SoC) enters suspend to RAM mode, in many cases, the processor is completely off while the RAM is put in self refresh mode. At resume, the boot ROM is executed again and many boot ROMs are able to detect that the SoC was in suspend to RAM mode and can resume by jumping directly to the kernel which then takes care of powering on again the peripherals which were off and restoring the state that the computer was in before.

Specific implementations

Allwinner

On many Allwinner systems on a chip (A10, A20, A64), the boot ROM either waits for a

to be loaded through USB (if a specific PIN is high) or tries to boot on several peripherals in a fixed order. Some Allwinner systems on a chip can verify the signature of the booloaders. But most devices being manufactured are not configured for that. This has enabled

free and open-source software Free and open-source software (FOSS) is software available under a license that grants users the right to use, modify, and distribute the software modified or not to everyone free of charge. FOSS is an inclusive umbrella term encompassing free ...

to add support for many Allwinner systems on a chip and devices using them in

s like U-Boot.

Apple

iPhone The iPhone is a line of smartphones developed and marketed by Apple that run iOS, the company's own mobile operating system. The first-generation iPhone was announced by then–Apple CEO and co-founder Steve Jobs on January 9, 2007, at ...

iPad The iPad is a brand of tablet computers developed and marketed by Apple Inc., Apple that run the company's mobile operating systems iOS and later iPadOS. The IPad (1st generation), first-generation iPad was introduced on January 27, 2010. ...

Apple Watch The Apple Watch is a brand of smartwatch products developed and marketed by Apple Inc., Apple. It incorporates activity tracker, fitness tracking, Health (Apple), health-oriented capabilities, and wireless telecommunication, and integrates wit ...

iPod Touch The iPod Touch (stylized as iPod touch) is a discontinued line of iOS-based mobile devices designed and formerly marketed by Apple Inc. with a touchscreen-controlled user interface. As with other iPod models, the iPod Touch can be used as a po ...

, and

Apple TV Apple TV is a digital media player and a microconsole developed and marketed by Apple. It is a small piece of networking hardware that sends received media data such as video and audio to a TV or external display. Its media services include ...

devices, the boot ROM is called "SecureROM" It is a stripped-down version of iBoot. It provides a Device Firmware Upgrade (DFU) mechanism, which can be activated using a special button combination.

NXP

The boot ROM of NXP systems on a chip (SOCs) support configuring the peripherals through specific pins of the system on a chip. On the i.MX6 family it also supports configuring the boot order through

eFuse In computing, an eFuse (electronic fuse) is a microscopic fuse put into a computer chip. This technology was invented by IBM in 2004 to allow for the dynamic real-time reprogramming of chips. In the abstract, computer logic is generally "etched" ...

s. The boot ROM of several NXP SoCs have many ways to load the first stage

(from eMMC, microSD, USB, etc.). Several NXP SoCs can be configured to verify the signature of the bootloaders. Many devices with such SoCs were sold without that verification configured and on those devices users can install the bootloader they want, including several

s like

Das U-Boot Das U-Boot (subtitled "the Universal Boot Loader" and often shortened to U-Boot; see ''#History, History'' for more about the name) is an open-source software, open-source Bootloader, boot loader used in Embedded system, embedded devices to per ...

and Barebox.

Texas Instruments

The boot ROMs of several Texas Instruments systems on a chip support configuring the peripherals through specific pins of the system on a chip. They have many ways to load the first stage

(which is called MLO in the systems on a chip reference manuals): * It can be loaded from various storage devices (MMC/SD/eMMC, NAND, etc.). * With MMC/SD/eMMC, it can be loaded directly from card sectors (called RAW mode in the manual) or from a FAT12/16/32 partition. * It can also be loaded from USB or UART. On the OMAP36xx system on a chip, the boot ROM looks for the first stage bootloader at the sectors 0x0 and 0x20000 (128KB), and on the AM3358

, it additionally looks at 0x40000 (256KiB) and 0x60000 (384KiB). In both cases its maximum size is 128KiB. This is because the (first stage) bootloader is loaded in an SRAM that is inside the system on a chip. The OMAP and AM335x systems on a chip can be configured to verify the signature of the bootloaders. Many devices with such system on a chip were sold without verification configured and on those devices users can install the bootloader they want, including several

bootloaders like

and

Coreboot coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...

and Barebox.

STMicroelectronics

STMicroelectronics STM32 family

microcontroller A microcontroller (MC, uC, or μC) or microcontroller unit (MCU) is a small computer on a single integrated circuit. A microcontroller contains one or more CPUs (processor cores) along with memory and programmable input/output peripherals. Pro ...

s have embedded ROM (also referred as "on-chip ROM") called ''system memory'' to facilitate empty system flashing. Certain pin combinations or sometimes efuses and/or empty flash checks force the chip to boot from ROM instead of the firmware in main flash. This allows empty chips to be flashed without resorting to hardware programming interfaces. Technically this ROM is stored in a dedicated area of the flash array and programmed by ST during production. Most STM32 microcontrollers can at least be flashed over UART, some support USB and eventually other interfaces like e.g. I2C, SPI, or CAN. The Cortex-M core normally fetches vectors from the well-known addresses 0x00000000 (initial

stack pointer A stack register is a computer central processor register whose purpose is to keep track of a call stack. On an accumulator-based architecture machine, this may be a dedicated register. On a machine with multiple general-purpose registers, it m ...

value) and 0x00000004 (initial

program counter The program counter (PC), commonly called the instruction pointer (IP) in Intel x86 and Itanium microprocessors, and sometimes called the instruction address register (IAR), the instruction counter, or just part of the instruction sequencer, ...

value). However pins and/or fuses define which memory is mapped at these addresses. System memory is one of the mapping options, another would typically be main firmware in flash. In this case, firmware is supposed to do all the jobs boot ROMs do; part of the firmware could act as a bootloader similar to ST's boot ROM. Hardware could provide read-only enforcement on the boot area, turning it into a user-provided version of boot ROM.

Security

Apple

On devices running

iOS Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...

, boot ROM exploits (like the limera1n, alloc8, and checkm8 exploits) are sometimes used for iOS jailbreaking. The advantage for people wanting to jailbreak their devices over exploits that affect

is that since the boot ROM cannot be modified—and that devices running

do not have fuses to append code to the boot ROM, Apple cannot fix the vulnerability on existing devices.

Nvidia Tegra

The boot ROM of the

Tegra Tegra is a system on a chip (SoC) series developed by Nvidia for mobile devices such as smartphones, personal digital assistants, and mobile Internet devices. The Tegra integrates an ARM architecture central processing unit (CPU), graphics pr ...

SoC of

Nvidia Nvidia Corporation ( ) is an American multinational corporation and technology company headquartered in Santa Clara, California, and incorporated in Delaware. Founded in 1993 by Jensen Huang (president and CEO), Chris Malachowsky, and Curti ...

(used by the

Nintendo Switch The is a video game console developed by Nintendo and released worldwide in most regions on March 3, 2017. Released in the middle of the Eighth generation of video game consoles, eighth generation of home consoles, the Switch succeeded the ...

) contained a vulnerability which made it possible for users to run the

they want.

References

{{Firmware and booting Computer memory Firmware Booting

Purpose

Operation

Suspend to RAM

Specific implementations

Allwinner

Apple

NXP

Texas Instruments

STMicroelectronics

Security

Apple

Nvidia Tegra

See also

References