A system and method are provided that enable a processor to have the immutable code and data that it uses for its boot process to be securely patched. A system may include a read only memory (ROM) storing one or more certificates and instructions, an array of one-time programmable (OTP) indicators, a bootstrap controller connected to the ROM and the array of OTP indicators, and a random access memory (RAM) connected to the bootstrap controller. The bootstrap controller is configured to verify integrity of firmware for boot based on certificates stored in ROM, check for a patch in the array of OTP indicators, and write the one or more certificates and the instructions in ROM and the patch into the RAM. The patch may be loaded into RAM by the bootstrap controller and overwrite ROM instructions or certificates in RAM.