IBoot

Last updated
iBoot
Developer(s) Apple Inc.
Operating system Darwin, macOS, [1] iPadOS and iOS [2]
Platform x86, ARM
Type Boot loader
License Proprietary software

iBoot is the stage 2 bootloader for all Apple products. [3] It replaces the older EFI-based bootloader on Intel-based Macs. Compared with its predecessor, iBoot improves authentication performed in the boot chain. [2]

Contents

For x86-based Macs, the boot process starts by running code stored in secured UEFI boot ROM (stage 1). The boot ROM has two primary responsibilities: to initialize system hardware and to select an operating system to run (the POST and UEFI component). For ARM-based Macs, the boot ROM does not include UEFI. [4]

For iPhones, iPads and ARM-based Macs, the boot process starts by running the device's boot ROM. The boot ROM loads the Low-Level Bootloader (LLB), which is the stage 1 bootloader and loads iBoot. If all goes well, iBoot will then proceed to load the iOS, iPadOS or macOS kernel as well as the rest of the operating system. [5] [6] If the iBoot fails to load or fails to verify iOS, iPadOS or macOS, the bootloader jumps to DFU (Device Firmware Update) [7] mode; otherwise it loads the remaining kernel modules. [2] Since Apple A7 and Apple M1, the LLB is stored on NAND flash of iPhone or iPad, or SSD of Apple Silicon Mac.

On x86 Macs, iBoot is located in /System/Library/CoreServices/boot.efi. [8] Once the kernel and all drivers necessary for booting are loaded, the boot loader starts the kernel’s initialization procedure. At this point, enough drivers are loaded for the kernel to find the root device. [9]

Memory safety

Apple has modified the C compiler toolchain that is used to build iBoot in order to advance memory safety since iOS 14. This advancement is designed to mitigate entire classes of common memory corruption vulnerabilities such as buffer overflows, heap exploitations, type confusion vulnerabilities, and use-after-free attacks. These modifications can potentially prevent attackers from successfully escalating their privileges to run malicious code, such as an attack involving arbitrary code execution. [10]

Source code leak incident

In 2018, a portion of iBoot source code for iOS 9 was leaked on GitHub, [11] Apple then issued a copyright takedown request (DMCA) to GitHub to remove the repository. It was believed an Apple employee was responsible for the leak. However, this was not confirmed by Apple.

Related Research Articles

<span class="mw-page-title-main">BIOS</span> Firmware for hardware initialization and OS runtime services

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The firmware comes pre-installed on the computer's motherboard.

<span class="mw-page-title-main">Booting</span> Process of starting a computer

In computing, booting is the process of starting a computer as initiated via hardware such as a button on the computer or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so some process must load software into memory before it can be executed. This may be done by hardware or firmware in the CPU, or by a separate processor in the computer system.

<span class="mw-page-title-main">GNU GRUB</span> Boot loader package

GNU GRUB is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system's partitions.

<span class="mw-page-title-main">Bootloader</span> Software responsible for starting the Computer and Load other software to the CPU memory

A bootloader, also spelled as boot loader or called bootstrap loader, is a computer program that is responsible for booting a computer. If it also provides an interactive menu with multiple boot choices then it's often called a boot manager.

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

Unified Extensible Firmware Interface is a specification that defines an architecture for the platform firmware used for booting a computer's hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O.

coreboot Open-source computer firmware

coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.

<span class="mw-page-title-main">Power-on self-test</span> Process performed by firmware or software routines

A power-on self-test (POST) is a process performed by firmware or software routines immediately after a computer or other digital electronic device is powered on.

<span class="mw-page-title-main">Rosetta (software)</span> Operating system component

Rosetta is a dynamic binary translator developed by Apple Inc. for macOS, an application compatibility layer between different instruction set architectures. It enables a transition to newer hardware, by automatically translating software. The name is a reference to the Rosetta Stone, the artifact which enabled translation of Egyptian hieroglyphs.

In computer science, execute in place (XIP) is a method of executing programs directly from long-term storage rather than copying it into RAM. It is an extension of using shared memory to reduce the total amount of memory required.

<span class="mw-page-title-main">Hackintosh</span> Non-Apple computer running macOS

A Hackintosh is a computer that runs Apple's Macintosh operating system macOS on computer hardware that is not authorized for the purpose by Apple. This can also include running Macintosh software on hardware it is not originally authorized for. Benefits of "Hackintoshing" can include cost, ease of repair and piecemeal upgrade, and freedom to use customized choices of components that are not available in the branded Apple products. macOS can also be run on several non-Apple virtualization platforms, although such systems are not usually described as Hackintoshes. Hackintosh laptops are sometimes referred to as "Hackbooks".

<span class="mw-page-title-main">GUID Partition Table</span> Computer disk partitioning standard

The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive, using universally unique identifiers (UUIDs), which are also known as globally unique identifiers (GUIDs). Forming a part of the Unified Extensible Firmware Interface (UEFI) standard, it is nevertheless also used for some BIOSs, because of the limitations of master boot record (MBR) partition tables, which use 32 bits for logical block addressing (LBA) of traditional 512-byte disk sectors.

<span class="mw-page-title-main">Apple–Intel architecture</span> Unofficial name used for Macintosh models that use Intel x86 processors

The Apple–Intel architecture, or Mactel, is an unofficial name used for Macintosh personal computers developed and manufactured by Apple Inc. that use Intel x86 processors, rather than the PowerPC and Motorola 68000 ("68k") series processors used in their predecessors or the ARM-based Apple silicon SoCs used in their successors. As Apple changed the architecture of its products, they changed the firmware from the Open Firmware used on PowerPC-based Macs to the Intel-designed Extensible Firmware Interface (EFI). With the change in processor architecture to x86, Macs gained the ability to boot into x86-native operating systems, while Intel VT-x brought near-native virtualization with macOS as the host OS.

The boot ROM is a type of ROM that is used for booting a computer system. There are two types: a mask boot ROM that cannot be changed afterwards and a boot EEPROM.

<span class="mw-page-title-main">Das U-Boot</span> Open-source, primary boot the devices operating system kernel

Das U-Boot is an open-source boot loader used in embedded devices to perform various low-level hardware initialization tasks and boot the device's operating system kernel. It is available for a number of computer architectures, including M68000, ARM, Blackfin, MicroBlaze, AArch64, MIPS, Nios II, SuperH, PPC, RISC-V and x86.

<span class="mw-page-title-main">EFI system partition</span> Partition used by Unified Extensible Firmware Interface

The EFIsystem partition or ESP is a partition on a data storage device that is used by computers that have the Unified Extensible Firmware Interface (UEFI). When a computer is booted, UEFI firmware loads files stored on the ESP to start operating systems and various utilities.

The Linux booting process involves multiple stages and is in many ways similar to the BSD and other Unix-style boot processes, from which it derives. Although the Linux booting process depends very much on the computer architecture, those architectures share similar stages and software components, including system startup, bootloader execution, loading and startup of a Linux kernel image, and execution of various startup scripts and daemons. Those are grouped into 4 steps: system startup, bootloader stage, kernel stage, and init process. When a Linux system is powered up or reset, its processor will execute a specific firmware/program for system initialization, such as the power-on self-test, invoking the reset vector to start a program at a known address in flash/ROM, then load the bootloader into RAM for later execution. In IBM PC–compatible personal computers (PCs), this firmware/program is either a BIOS or a UEFI monitor, and is stored in the mainboard. In embedded Linux systems, this firmware/program is called boot ROM. After being loaded into RAM, the bootloader will execute to load the second-stage bootloader. The second-stage bootloader will load the kernel image into memory, decompress and initialize it, and then pass control to this kernel image. The second-stage bootloader also performs several operation on the system such as system hardware check, mounting the root device, loading the necessary kernel modules, etc. Finally, the first user-space process starts, and other high-level system initializations are performed.

<span class="mw-page-title-main">BootX (Apple)</span> Boot loader developed by Apple Inc.

BootX is a software-based bootloader designed and developed by Apple Inc. for use on the company's Macintosh computer range. BootX is used to prepare the computer for use, by loading all required device drivers and then starting-up Mac OS X by booting the kernel on all PowerPC Macintoshes running the Mac OS X 10.2 operating system or later versions.

rEFInd Boot manager for UEFI systems

rEFInd is a boot manager for UEFI and EFI-based machines. It can be used to boot multiple operating systems that are installed on a single non-volatile device. It also provides a way to launch UEFI applications.

<span class="mw-page-title-main">Apple M1</span> Series of systems-on-a-chip designed by Apple Inc.

Apple M1 is a series of ARM-based system-on-a-chip (SoC) designed by Apple Inc., part of the Apple silicon series, as a central processing unit (CPU) and graphics processing unit (GPU) for its Mac desktops and notebooks, and the iPad Pro and iPad Air tablets. The M1 chip initiated Apple's third change to the instruction set architecture used by Macintosh computers, switching from Intel to Apple silicon fourteen years after they were switched from PowerPC to Intel, and twenty-six years after the transition from the original Motorola 68000 series to PowerPC. At the time of its introduction in 2020, Apple said that the M1 had "the world's fastest CPU core in low power silicon" and the world's best CPU performance per watt. Its successor, Apple M2, was announced on June 6, 2022, at Worldwide Developers Conference (WWDC).

The Linux kernel can run on a variety of devices made by Apple, including devices where the unlocking of the bootloader is not possible with an official procedure, such as iPhones and iPads.

References

  1. "Darwin 9.2 Source Code". Apple Inc. Archived from the original on September 21, 2020. Retrieved January 19, 2020.
  2. 1 2 3 Ryan, Peter Y. A.; Naccache, David; Quisquater, Jean-Jacques (2016-03-17). The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday. Springer. ISBN   9783662493014.
  3. Hayes, Darren R. (2014-12-17). A Practical Guide to Computer Forensics Investigations. Pearson IT Certification. ISBN   9780132756150.
  4. "boot process for T2, M1, and iOS devices".
  5. Apple Inc. (May 2016). "iOS Security Guide" (PDF). apple.com. Archived (PDF) from the original on February 27, 2016.
  6. "Boot process for a Mac with Apple silicon - Apple Support". Jan 2024.
  7. "iFixit Support: DFU Restore". iFixit . Retrieved 2019-09-29.
  8. "rEFIt - The Intel Mac boot process". refit.sourceforge.net. Retrieved 2017-08-26.
  9. "The Early Boot Process". developer.apple.com. Retrieved 2017-08-26.
  10. "Memory safe iBoot implementation". Apple Platform Security. Apple. Retrieved 25 January 2023.
  11. "Apple confirms iPhone source code leak". BBC News. 9 February 2018.