Saved February 14, 2026
This article breaks down the security architecture of macOS on Apple Silicon, focusing on the immutable Boot ROM and its role in establishing a Chain of Trust. It details how the Boot ROM initializes the system, loads the Low-Level Bootloader, and enforces code integrity through hardware mechanisms like the Public Key Accelerator.
The macOS security architecture on Apple Silicon relies heavily on the hardware's inherent design rather than the operating system itself. At the core of this is the Boot ROM, or SecureROM, which is unchangeable and acts as the foundational root of trust. When the system powers on, the Boot ROM runs in a high-privilege state, executing critical tasks like initializing the stack and configuring memory management while ensuring that sensitive registers remain inaccessible to lower privilege levels.
The Boot ROM's main goal is to load the Low-Level Bootloader (LLB), but the process has several steps. It uses a device-specific GID Key, a 256-bit AES key baked into the silicon during manufacturing, to decrypt the LLB. The decryption is multi-step: the Boot ROM first unwraps a Keybag (KBAG) containing the LLB's encryption keys and Initialization Vectors (IVs), then uses those to decrypt the LLB itself. The GID Key itself is never exposed to software, so it stays protected even if a software vulnerability is exploited.
Integrity checks are enforced through the Public Key Accelerator (PKA), which verifies that the firmware being loaded is legitimate by checking signatures against an embedded Apple Root CA public key. This dual-layer security—confidentiality from the GID Key and integrity from the PKA—ensures that only authorized code executes during the boot process. The architecture is designed to withstand potential attacks, making unauthorized access to sensitive firmware and cryptographic keys extremely difficult.
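The two layers described above, modelled as an added example (this is not code from the article or from Apple): a loader that checks a signature against an embedded root key, unwraps a KBAG with the GID key, and decrypts the next stage. The `Image` layout, the names `Seal` and `LoadStage`, AES-CTR with an all-zero wrap IV, Ed25519 standing in for the PKA's signature scheme, and the verify-before-decrypt order are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"errors"
	"fmt"
)

type Image struct{ KBAG, Payload, Sig []byte } // constructed layout, not Apple's; KBAG wraps IV(16)||key(32)

// ctr applies AES-CTR (assumed mode); the same call encrypts and decrypts.
func ctr(key, iv, in []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a wrong-sized key
	}
	out := make([]byte, len(in))
	cipher.NewCTR(blk, iv).XORKeyStream(out, in)
	return out
}

// Seal is the signer's side: wrap IV||key under the GID key, encrypt, sign.
func Seal(priv ed25519.PrivateKey, gid, iv, key, stage []byte) Image {
	kbag := ctr(gid, make([]byte, 16), append(append([]byte{}, iv...), key...))
	payload := ctr(key, iv, stage)
	return Image{kbag, payload, ed25519.Sign(priv, append(append([]byte{}, kbag...), payload...))}
}

// LoadStage is the ROM's side: verify (Ed25519 as a stand-in), then unwrap and decrypt.
func LoadStage(root ed25519.PublicKey, gid []byte, img Image) ([]byte, error) {
	signed := append(append([]byte{}, img.KBAG...), img.Payload...)
	if !ed25519.Verify(root, signed, img.Sig) {
		return nil, errors.New("signature check failed") // fail closed
	}
	if len(img.KBAG) != 48 {
		return nil, errors.New("malformed KBAG")
	}
	kb := ctr(gid, make([]byte, 16), img.KBAG) // all-zero wrap IV: model only
	return ctr(kb[16:], kb[:16], img.Payload), nil
}

func main() {
	root, priv, _ := ed25519.GenerateKey(nil)
	gid := make([]byte, 32) // constructed stand-in for the fused GID key
	img := Seal(priv, gid, make([]byte, 16), make([]byte, 32), []byte("LLB stage"))
	out, err := LoadStage(root, gid, img)
	fmt.Printf("%q %v\n", out, err)
}
```

A modified payload or KBAG fails the signature check before any key material is unwrapped, and an image moved to a loader holding a different GID key passes the signature check but decrypts to garbage, which shows why the two layers protect different properties.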