It contains code to read the first 48 pages of the attached NAND flash, reserved for boot1, decrypt them with a fixed AES key, hash them with SHA-1 Engine, and compare the hash with a value read from OTP memory. If the hashes do not match, the system will refuse to proceed to boot1, causing a brick. However, if the hash in OTP is all zeroes, then the system will always boot — this is true of development consoles and probably also during the manufacturing process. For more discussion on this subject, see bushing's HackMii post.
The division between boot0/boot1 allows the RSA signature verification to be done using trusted code loaded from flash. It would not have fit into the 4K of space available. It is coded in a mixture of C and assembly.
The assembly code of boot0 can be found here.