A Mac with Apple silicon has the boot modes described below.
Mode
Key combo
Description
macOS
From a shutdown state, press and release the power button.
Boot ROM hands off to LLB.
LLB loads system-paired firmware and the LocalPolicy for the selected macOS.
LLB locks an indication into the Boot Progress Register (BPR) that it’s booting into normal macOS, and hands off to iBoot.
iBoot loads the macOS-paired firmware, the static trust cache, the device tree, and the Boot Kernel Collection.
If the LocalPolicy allows it, iBoot loads the Auxiliary Kernel Collection (AuxKC) of third-party kexts.
If the LocalPolicy didn’t disable it, iBoot verifies the root signature hash for the signed system volume (SSV).
recoveryOS
From a shutdown state, press and hold the power button.
Boot ROM hands off to LLB.
LLB loads system-paired firmware and the LocalPolicy for the recoveryOS.
LLB locks an indication into the Boot Progress Register that it’s booting into recoveryOS, and hands off to iBoot for recoveryOS.
iBoot loads the macOS-paired firmware, the trust cache, the device tree, and the Boot Kernel Collection.
Note: Security downgrades aren’t allowed on the recoveryOS LocalPolicy.
Fallback recoveryOS
From a shutdown state, double-press and hold the power button.
The same process as recoveryOS boot, except that it boots to a second copy of recoveryOS that is kept for resiliency. However, LLB doesn’t lock an indication into the Boot Progress Register saying it is going into recoveryOS, and therefore the fallback recoveryOS doesn’t have the capability to change the system security state.
Safe mode
Boot into recoveryOS per the above, then hold Shift while selecting the startup volume.
Boots to recoveryOS as per the above.
Holding the Shift key while selecting a volume causes the BootPicker application to approve that macOS for booting, as normal, but to also set an nvram variable that tells iBoot to not load the AuxKC on the next boot.
System reboots and boots to the targeted volume, but iBoot doesn’t load AuxKC.
