In CHFI v11, this question maps to the Operating System Forensics objective that requires understanding Macintosh boot processes and the overall booting process. The correct answer is C because, in an Intel-based Mac startup sequence, the UEFI firmware is the component that verifies the macOS bootloader Boot.efi before handing control toward the operating system. From a forensic perspective, this matters because an examiner must know which component is being validated and which component performs the validation. Boot.efi is the bootloader itself, so it cannot be the verifier. Boot ROM participates earlier in the startup trust chain as a low-level hardware-rooted element, while iBoot is also part of Apple’s secure startup architecture, but the specific verification of the macOS bootloader on Intel-based Macs is performed by UEFI firmware. This distinction is important during forensic reconstruction because understanding the trust sequence helps investigators interpret secure boot behavior, startup integrity, and possible tampering points. The CHFI blueprint explicitly includes Macintosh boot processes under operating system evidence analysis, so recognizing UEFI firmware’s role is directly aligned with the exam objective.