Modern Macs, whether they have Intel processors and T2 chips, or have Apple silicon chips containing Arm CPU cores, go through three main phases when they start up:

1. Boot ROM, burned into permanent storage,
2. Pre-boot, loosely termed firmware, and run from separate Flash storage and the internal SSD,
3. Kernel, loaded with its plethora of extensions from disk storage.

This article explains the role those phases play, and how firmware needs to be updated, sometimes quite frequently.

Boot ROM

The Boot ROM can only be changed by exchanging that Mac’s logic board, and is intended to provide the absolute minimum needed to get the Mac started and hand over to Pre-boot. In Apple silicon Macs, this requires verification of the Low-Level Bootloader (LLB), the first stage of Pre-boot. If that fails to verify or there’s another recoverable problem, then the Boot ROM is responsible for putting the Mac into DFU mode, then handling a revive or restore over a USB cable. This explains why DFU mode can’t take advantage of a Thunderbolt connection: it’s limited to USB to minimise the hardware and drivers that need to be driven by the Boot ROM.

Pre-boot

For the kernel to start running, there’s a lot more hardware to be made available. In Apple silicon Macs, there’s also a series of verifications and validations to be performed. LLB verifies and loads system-paired firmware, reads NVRAM to discover the intended boot volume, validates its LocalPolicy stored on the internal SSD, reads and follows its configuration, locates the iBoot code, verifies that and hands over to it. iBoot takes over to verify and load macOS-paired firmware, the system trust cache, the signature on the SSV, verify kernel collections, and finally verifies, loads and runs the kernel.

Pre-boot also has to detect and handle variant boot sequences, most commonly starting up in Recovery. Intel Macs detect that through a key combination, so Bluetooth, USB and a basic keyboard driver all have to be loaded and run long before the kernel can start.

Apple silicon Macs handle this better and more securely, relying on the Power button instead. When Recovery mode is selected, the boot process changes to access the paired Recovery volume in the currently selected boot volume group, from where a protected disk image has to be mounted and recoveryOS run from there. If the Power button signal has opted instead for Fallback Recovery, then the disk image is loaded from its hidden container on the internal SSD.

Intel Macs have a different fallback to cope with loss of normal and Recovery boot resources: remote or internet Recovery. This requires the drivers to support a network connection, and downloading a disk image to boot from, which is considerably more complex than the equivalent DFU mode in Apple silicon Macs.

Updates

However simple Apple’s engineers might wish that pre-boot ‘firmware’ could be, it has a lot to do, and many hardware devices to initialise and set running before it can hand over to the kernel. During the early and rapid evolution of Apple silicon Macs, there have also been changes in the structure of the process. In Big Sur, Recovery was run from its hidden container on the internal SSD, rather than a paired volume in the boot volume group. Apple changed that with the release of Monterey.

Unlike the Boot ROM, pre-boot software is more extensive, has to boot and run many more hardware devices, and inevitably will require improvements and have bugs to be fixed. Each new chip added to the M-series also has its own needs to be written into its Boot ROM and pre-boot code, and more recent models have different hardware features. The unified architecture of Apple silicon Macs makes this more straightforward than in Intel Macs with T2 chips, where they require conventional EFI firmware as well as that for iBridge (or bridgeOS) to run on their T2.

Prior to the introduction of the T2 chip, Intel Macs had many different firmware versions. These converged into a single version for all with a T2 when running the same release of macOS, and so far all Apple silicon Macs have also had common firmware versions. While that simplifies updates considerably, it also means that pre-boot ‘firmware’ has to change more frequently. We should therefore expect firmware updates with each minor release of macOS, and sometimes with intermediate patch releases. At least they’re quicker and far less nerve-racking in Apple silicon Macs.