= IBoot =

iBoot
- Screenshot: IBoot banner using irecovery..png
- Developer: Apple Inc.
- Released: June 29, 2007
- Latest Release Version: iBoot-11881.80.57~171 (RELEASE, iOS 18.3 RC and iOS 18.3.1)
- Latest Preview Version: iBoot-11881.80.57~107 (RELEASE, iOS 18.3 beta 1)
- Operating System: Darwin, macOS, iPadOS and iOS
- Platform: x86, ARM
- Genre: Boot loader
- License: Proprietary software

iBoot is the stage 1 and stage 2 bootloader for iPhones, iPads, Apple silicon-based Macs, and the T2 chip in Intel-based Macs with such a chip. Compared with its predecessor, iBoot improves authentication performed in the boot chain.

For Intel-based Macs with a T2 chip, the boot process starts by running code on the T2 chip from the boot ROM. That boot ROM loads and runs iBoot onto the T2 chip; iBoot loads the bridgeOS operating system onto the T2 chip and starts it; bridgeOS loads the UEFI firmware; UEFI firmware starts the main Intel processor and completes the Power-On Self Test process. The UEFI firmware loads boot.efi, which loads and starts the macOS kernel. For Intel-based Macs with a T2 chip, the UEFI firmware may be called iBoot UEFI.

For iPhones, iPads, and Apple silicon-based Macs, the boot process starts by running the device's boot ROM, which is integrated into the device's SoC. On iPhones and iPads with A9 or earlier A-series processors, the boot ROM loads the ' (LLB), which is the stage 1 bootloader and loads iBoot, and LLB is stored on an EEPROM; on iPhones and iPads with A10 or later processors, as well as Apple silicon Macs, the boot ROM loads iBoot, and LLB and iBoot are stored on NAND flash or internal SSD, which is a NOR-less boot flow. If all goes well, iBoot will then proceed to load the iOS, iPadOS or macOS kernel as well as the rest of the operating system. If iBoot fails to load or fails to verify iOS, iPadOS or macOS, the bootloader jumps to DFU (<u>D</u>evice <u>F</u>irmware <u>U</u>pdate) mode; otherwise it loads the remaining kernel modules. For arm64 devices with iBoot, it will "jump" to the kernelcache (the kernel itself wrapped in the Image4 format), and boot off of it.

Once the kernel and all drivers necessary for booting are loaded, the boot loader starts the kernel's initialization procedure. At this point, enough drivers are loaded for the kernel to find the root device.

== Build styles ==

According to the leaked iBoot source code (from February 7, 2018), in apps/iBoot/iBoot.mk, defines the valid build styles as "RELEASE", "DEVELOPMENT", "DEBUG", and "SECRET" when building a copy of iBoot. These build styles define specific information when the bootloader is compiled, such as adding more debugging commands for finding issues on a developmental device, or performing hardware tests using the iBoot command prompt over serial.

=== Meanings ===

RELEASE - A release version

DEVELOPMENT - A build that is used on developmental hardware, allows access to some developmental tools, such as the 'diags' command.

DEBUG - A build used for debugging iOS and other lower-level components

== Features ==
iBoot features a command prompt when in recovery, DFU, or restore mode (it is also in "DEBUG" builds of iBoot, but was never seen in future builds). Command availability depends on the type of iBoot being used, especially the build style (can be RELEASE, DEVELOPMENT, DEBUG, SECRET, etc.).

When using iBoot's command prompt, the included commands are used to manage the behaviour, such as its boot arguments (internally called the "boot-args" in the NVRAM), or if the startup command (fsboot) should be used when iBoot is automatically loaded (known as auto-boot).

== Memory safety ==
Apple has modified the C compiler toolchain that is used to build iBoot in order to advance memory safety since iOS 14. This advancement is designed to mitigate entire classes of common memory corruption vulnerabilities such as buffer overflows, heap exploitations, type confusion vulnerabilities, and use-after-free attacks. These modifications can potentially prevent attackers from successfully escalating their privileges to run malicious code, such as an attack involving arbitrary code execution.

== Source code leak incident ==
In 2018, a portion of iBoot source code for iOS 9 was leaked on GitHub for various iPhone, iPad, iPod touch, and Apple Watch models, Apple then issued a copyright takedown request (DMCA) to GitHub to remove the repository. It was believed an Apple employee was responsible for the leak. However, this was not confirmed by Apple. It is known that a user by the name of "ZioShiba" was responsible for the publication of the iBoot source code.

== History ==

The earliest known version of iBoot was iBoot-87.1, seen on very early prototypes during the iPhone's production in 2006–2007. It had the same features as the first known version of iBoot (iBoot-99), except it not having features before the final release. This version of iBoot could be considered the "first early beta" of iBoot. Following the release of the first-generation iPhone and iPhone OS 1, the first release iBoot version was iBoot-159.

== See also ==
- Booting process of Android devices
- Booting process of Linux
- Booting process of Windows
