xxx1 = bootromU.bin (ppc code - static - cannot be changed)
From what I see it uses starbuck boot rom for wii u mode and espresso bootrom for vwii mode. So this is arm code.
Edit. I was mistaking, espresso bootrom is used to run vwii/ppc kernel. And you messed the order of boots:
a> power on
b> arm processor starts first and loads 'xxx1' from its internal on-chip rom
c> the arm loads 'xxx2' from external rom - we don't really know how it does the validation - and runs it.
d> the arm loads 'xxx3' - validates signature, then decrypts it and jumps to it.
e> the arm then loads 'xxx4' from external rom - checks the signature, decrypts and then runs it itself
f> the arm loads 'xxx5' and tells the ppc to run it.
g> the ppc starts 'xx6', which should validate hash/signatures of 'xxx5', decrypt and run it.
g> the arm and ppc go on loading menus and other unimportant things
//where
xxx1 = starbuck bootrom (arm code - static - cannot be changed)
xxx2 = boot0.bin (arm code - most likely static - i don't really know how this is validated, but mostlikely bootrom expects it to have valid hash)
xxx3 = boot1.bin (arm code - static - it seem like the hash of boot1 is stored in the otp and is used to validate it's signature)
xxx4 = fw.img (arm code - dynamic - can be updated but would need either the signatures patched or the private key leaked)
xxx5 = kernel.img (ppc dynamic - can be updated but would either need the signatures patched or the private key leaked)
xxx6 = espresso bootrom (ppc code - static -can not be changed)
[---Please correct this as needed.---]