More and more embedded systems implement Secure Boot to assure the integrity and confidentiality of all software executed after power-on reset. These implementations are bypassed using logical flaws, for example as shown in the following iPhone boot ROM SHAtter  and limera1n . However, the early stages of Secure Boot (i.e. ROM or 1st stage bootloader) are often of insignificant size and therefore logically exploitable vulnerabilities are not guaranteed to be present.
by Albert Spruyt and Niek Timmers