Once the kernel takes over from iBoot, there’s a lot of hardware to get running before the SSV can be properly validation, and kernel extensions loaded.
Sometimes known as iBoot1 and iBoot2, they start work with the LocalPolicy for the intended boot volume, validating its vital components.
Understanding each of the four stages in the Secure Booting of an M1 Mac. These are summarised in diagram available here.
There’s a fundamental difference in the way that Intel and M1 Macs store and load their ‘firmware’, which enables the M1 Mac to load and run difference versions of iBoot.
This article has now been extensively corrected and modified.
macOS 11.4 brought major changes to the way M1 Macs handle external bootable disks. This explains how this works during the boot process.
How an M1 Mac can start up from an external bootable disk, and how that can fail. All about boot security policy, and how that’s applied.