== Security ==
Because boot0 is in ROM, it cannot be modified, creating a trusted startup. Because of the boot1 verification against OTP, boot1 also cannot be modified
. boot0 writes the hash to OTP if the boot1 hash is not programmed, so boot1 can be changed in the factory at any time. The first security hole occurs when boot2 is loaded, as older versions of boot1 have the [[signing bug]], allowing certain modified versions of boot2 to be loaded. Because boot1 cannot be modified after the Wii has booted once, this left a number of vulnerable Wiis. Like most titles, however, IOS and the System Menu are not checked for signatures on launch, so they can be modified without bricking the Wii, which is done by a [[cIOS]] or [[Priiloader]] respectively.