Upgrade Mode

iBoot normally insists on booting from the first partition on the device, using a kernelcache located in /System/Library/Caches/com.apple.kernelcaches/kernelcache, with a devicetree located in ROM.

Upgrade mode provides an alternative boot path suitable for booting a standalone restore/recovery system. It chains to a new bootloader, and the new bootloader then loads kernelcache, devicetree, ramdisk and optionally a display image before booting the kernelcache.

To invoke upgrade mode, the boot-command variable must be set to 'upgrade', and the upgrade partition, which is identified via its LwVM partition name, must contain the following files:

/iBEC
/kernelcache
/devicetree
/ramdisk
/apticket.der

All of the files listed above are expected to be in image3 format, and must be signed and/or personalised.

When the kernelcache is booted a RELEASE-configured iBEC will set the boot-args variable to:

 'rd=md0 nand-enable-reformat=1 -progress'

A Non-RELEASE iBEC will just add 'rd=md0' to the boot-args. In neither case is the value saved to NVRAM.

If any of the following occurs, the iDevice will end up in ROM iBoot recovery mode:

- the upgrade partition does not exist or cannot be mounted
- the file /iBEC does not exist in the upgrade partition
- the contents of the iBEC file are not an Image3 file or fail
  authentication

If any of the following occurs, the iDevice will end up in upgrade iBEC recovery mode:

- the upgrade partition cannot be mounted (e.g. due to NAND format incompatibility)
- the files /kernelcache, /devicetree and /ramdisk do not exist in the upgrade partition
- the contents of any of these files are not valid Image3, or fail authentication
- the kernelcache file does not contain a compressed mach-o kernelcache
- the devicetree file does not contain a valid devicetree

iBEC will set the auto-boot variable to false when loaded in upgrade mode, to avoid the risk of locking the unit up due to a hang while booting the upgrade kernel.