Root of Trust (RoT) is ideally based on a hardware-validated boot process to ensure the system can only be started using code from an immutable source1. This involves an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When combining this foundation with a cryptographically secured signature, there are no easily accessible gaps for hackers to exploit. Similar to a proof by induction, the entire server state will stay well known, as long as that initial element tests the next element, and so on.
You can download the paper here