use the same bootrom exploit and pretty much the same way of applying the jailbreak to your device. Geohot’s bootrom exploit is a tethered exploit, meaning that it is not capable of booting a patched bootchain. So, what they actually do is use this bootrom exploit as an “injection vector” in order to apply kernel patches (userland jailbreak).
You see, when JailbreakMe 2.0 was released by comex, they used 2 exploits to inject the kernel exploit. The IOSurface kernel exploit, along with the malformed CFF vulnerability, was used to get root privileges in order to apply the kernel patches.
Boot logos and verbose boot were not possible (at least not as we know them), because the bootchain is not actually touched (LLB and iBoot are code signed as well).
This is pretty much the same with limera1n and greenpois0n. Geohot’s bootrom exploit is used to obtain root privileges (instead of the 2 exploits that Star uses, which are necessary to obtain root). The bootchain is not touched or jailbroken until the patched kernel kicks in.
In fact, you just have a userland jailbreak, applied using a bootrom exploit. For custom boot logos and/or a verbose boot, you will need a patched iBoot, which you simply don’t have when you are jailbroken by a userland jailbreak.
Again, note that this is just a general description; don’t try to argue over specific technical details.