From WiiUBrew
Revision as of 21:44, 2 December 2016 by Hexkyz (Adding boot1)

Just like its Wii counterpart, boot1 is the second-stage bootloader, which is loaded by boot0. boot1 is stored inside the first SLC NAND blocks in the form of an ancast image. There are always two copies of boot1 inside the SLC NAND and, together, these images form the only blocks that are left as plain data (not encrypted with the OTP SLC key). boot1 runs from on-die SRAM starting at address 0x0D400000 and its size must not exceed 0xF800 bytes (boot0 checks the size before running it).

During the boot process, boot0 loads boot1 from NAND and decrypts it using an AES key stored in the console's OTP. Immediately after, boot0 permanently disables access to this key by clearing the appropriate value in the LT_OTPPROT register.

Thanks to this mechanism, the contents of boot1 and its key still remain unknown. However, it's possible to predict boot1's role in the boot process to some extent. boot1 is responsible for loading the IOSU from NAND, therefore it must read it, verify its signature and decrypt it. It's also speculated that boot1 must configure the external DDR3 memory.

Attempting to read the LT_OTPPROT register immediately after the IOSU begins executing will return the value 0xCF7FFFFF. boot0 only sets LT_OTPPROT once to 0xDFFFFFFF, which means that boot1 also locks 2 additional OTP blocks for unknown reasons.
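The "2 additional OTP blocks" conclusion follows from comparing the two register values above. The following is an added example (not part of this wiki page or any Wii U code) that does that comparison and also checks the transition is plausible, on the assumption that each LT_OTPPROT bit guards one OTP block and that a cleared bit means "locked" (a lock can be added but never lifted):

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Values taken from the page: what boot0 writes to LT_OTPPROT, and what
   is read back once the IOSU is running. */
#define OTPPROT_AFTER_BOOT0 0xDFFFFFFFu
#define OTPPROT_AT_IOSU     0xCF7FFFFFu

/* Assumption: a 0 bit = locked block. Locks are only ever added, so a
   reading in which a previously cleared bit is set again is impossible
   and would indicate a bogus or tampered reading. */
bool valid_lock_transition(uint32_t before, uint32_t after) {
    return (after & ~before) == 0;
}

/* Mask of blocks that went from readable (1) to locked (0). */
uint32_t newly_locked(uint32_t before, uint32_t after) {
    return before & ~after;
}

/* Portable popcount: number of locked blocks in a mask. */
int popcount32(uint32_t m) {
    int n = 0;
    for (; m; m &= m - 1) n++;
    return n;
}

int main(void) {
    uint32_t before = OTPPROT_AFTER_BOOT0, after = OTPPROT_AT_IOSU;
    if (!valid_lock_transition(before, after)) {
        puts("invalid: a lock bit was re-enabled");
        return 1;
    }
    uint32_t mask = newly_locked(before, after);
    printf("boot1 locked %d additional block(s), bits:", popcount32(mask));
    for (int i = 0; i < 32; i++)
        if (mask & (1u << i)) printf(" %d", i);
    printf("  (mask 0x%08X)\n", mask);   /* prints 2 blocks, bits 23 28 */
    return 0;
}
```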