Most of the time the root of trust isn't in the boot rom, but instead OTP fuses that the boot rom reads.