What happens in early kernel boot on Apple Silicon?
- #Secure Boot
- #macOS startup
- #Apple silicon
- Secure Boot on an Apple silicon Mac involves multiple stages, starting from the Boot ROM and passing through two firmware levels before loading the kernel.
- The Boot ROM is hardware-based and unchangeable, and verifies the next stage's executable; it falls back to DFU mode if verification fails.
- The Low-Level Bootloader (LLB) verifies security settings and locates the next stage's software, stored in dedicated Flash memory.
- iBoot (Stage 2) verifies hashes for integrity, including the root hash of the Signed System Volume (SSV), then loads the macOS kernel.
- The kernel boot phase starts at around 5.3 seconds, initializing security systems such as CoreCrypto, AMFI, and Sandbox.
- Early hardware initialization includes AppleT6041ANEHAL, IOAccessoryManager, and Secure Enclave processes, starting at around 5.6 seconds.
- CPU cores start sequentially by cluster at around 6 seconds, followed by APFS and NFS loading.
- File system setup begins at 6.3 seconds, mounting the SSV and other volumes, with SEP/OS declared alive at 6.37 seconds.
- Userspace boot starts at 6.4 seconds, loading launchd and mounting additional volumes such as VM and Preboot.
- BiometricKit starts at 8.788 seconds; the Data volume mount fails if FileVault is enabled, requiring the user's password.
- OpenDirectory starts at 9.875 seconds, with a system wallclock time adjustment following.
- After 10 seconds, the kernel and processes access hidden containers and the SSV, but the Data volume remains locked until user authentication.