This application provides a secure boot apparatus and method. A control circuit in the secure boot apparatus can obtain boot code in a nonvolatile memory by using a non-programmable circuit, and verify the boot code by using a root of trust. In this way, even if the root of trust is not built in a processor, the verification on the boot code can be implemented by using the control circuit. This effectively reduces dependency of a secure boot process on processor performance. In addition, because the non-programmable circuit can be respectively coupled to the control circuit and the nonvolatile memory through two interfaces of different types, a requirement for the secure boot process on an interface protocol type of the control circuit is reduced, and application flexibility of a secure boot solution is improved.