AOSP Insider
AOSP Foundations
3 min read

The Boot ROM (BROM)

Discover the absolute first piece of code that executes when power flows into an Android device's processor.

When you press the power button on an Android smartphone, the Linux kernel does not magically appear in RAM. A complex, multi-stage chain of events is required to wake the hardware up, configure it, and load the operating system.

The absolute first step in this chain is the Boot ROM.

What is the Boot ROM?

The Boot ROM (Read-Only Memory) is a tiny piece of code physically etched directly into the silicon of the System-on-Chip (SoC) processor (like a Qualcomm Snapdragon or an Apple A-series chip) during the manufacturing process.

  • Immutable: Because it is permanently etched in silicon, the Boot ROM cannot be modified, patched, or updated via a software OTA update. If there is a security vulnerability in the Boot ROM, it is unpatchable for the lifetime of that physical device.
  • Highly Specific: Google does not write the Boot ROM. It is written entirely by the silicon manufacturer (e.g., Qualcomm, Samsung, MediaTek).

Responsibilities of the Boot ROM

When power first flows to the CPU, the main system RAM is completely uninitialized, and the processor doesn't even know how to talk to the flash storage yet. The Boot ROM runs using tiny, ultra-fast internal CPU cache memory (SRAM).

The Boot ROM has three primary jobs:

  1. Hardware Initialization: It powers on the most basic processor clocks and initializes the connection to the internal eMMC/UFS flash storage.
  2. Locate the PBL: It scans the flash storage looking for a very specific sector containing the next stage of the boot process (the Primary Bootloader).
  3. Basic Security: It verifies the cryptographic signature of the Primary Bootloader. If the signature is valid, it copies the Primary Bootloader into the internal SRAM and jumps execution to it.

The Emergency Download Mode

If the Boot ROM cannot find a valid Primary Bootloader on the flash storage (e.g., the flash chip is completely wiped or corrupted), it will fall back to an emergency mode.

On Qualcomm devices, this is famously known as EDL Mode (Emergency Download Mode). In this mode, the Boot ROM opens a raw USB connection to the host computer, allowing a service center technician with proprietary software (like QFIL) to physically force-flash a new bootloader onto the dead motherboard.

# Technicians often use specialized commands or physical test points to force a device into EDL
# In some cases, a fastboot command can trigger it if the bootloader allows
fastboot oem edl
Previous Lesson
Snapshot Mechanism
Next Lesson
Primary Bootloader (PBL)