> macs can install themselves over the internet from firmware

But not M* macs. Their firmware is only capable of initializing the most basic hardware and boot from the internal SSD, like good ol' times.

Heck, their boot picker is now a fullscreen application running on a stripped down macOS, which is started from the internal SSD.

This also means that if your internal SSD is hosed, so is your Mac. Enjoy!

> This also means that if your internal SSD is hosed, so is your Mac. Enjoy!

Yup, cause the flash controller is on the SoC, the actual hard drive is just flash chips.

I believe it's not completely hosed, there's a recovery mode where you connect it to another Mac with a USB cable for this situation.

A traditional BIOS can also boot an arbitrary payload. You can hijack INT 0x18 (boot to BASIC) to do whatever you want.

A lot of clone BIOSes just had to branch to a "please insert bootable media" or "No ROM BASIC - System Halted" message, but you could fairly easily inject something much like this.

I've modified the old "Anonymous XT clone" BIOS to support a stub that copies a chunk of ROM into RAM and then executes it.

This works reasonably well with some of the 512-byte "boot sector" tools I've tried, or with some minimal DOS .COM executables (i. e. an old Tiny Basic.) The copying step is a conservative approach because I suspect a lot of off the shelf software doesn't expect to be running inside ROM, and if it tries self-modifying code or simply writing to the same segment, all hell breaks loose.

For me, the limits were that, with an XT, you probably didn't want much more than 32-64k of ROM consuming precious address space, so unless you wanted to get gimmicky with banking in more memory or decompression, you're limited to maybe 20-40k of payload, which is a little small for "current" embeddable DOS products.

What's needed now is a much more extensive BASIC in the form of an EFI executable.