iOS secure boot chain

The iOS secure boot chain system uses secure boot chain mechanism to provide security in the booting process. We have seen many rootkits and malware that infect at boot level. The iOS secure boot chain ensures that low-level software is not compromised and iOS is running on validated iDevice.

The following figure is the block diagram for an iOS secure boot chain:

Let's study iOS secure boot chain step by step, as follows:

• Boot ROM
  • This is implicitly trusted
  • It is known as a hardware root of trust
  • This code is contained in the processor and cannot be updated or changed
  • This also contains the Apple root certificate with authentic public key and uses it to verify that the low-level boot loader is properly signed and has not been tampered before loading
• Low-level boot loader
  • This is the lowest level of code that can be updated
  • It also verifies the signatures of firmware of iBoot before loading it
• iBoot
  • It verifies the signature of the iOS kernel before starting the kernel
  • This secure boot chain also prevents any malwares that can affect at the boot level