I knew that firmware locks sent via MDM command didn’t work on the new Silicon-chip Macs, but I didn’t realize that the manual setting of a firmware password was also disabled (makes sense, since the two are probably linked in terms of how they’re implemented or the firmware mechanisms they use).
If you try to manually set a firmware password on a Silicon Mac using
sudo firmwarepasswd -setpasswd, then you’ll get an error message of
ERROR | SetupTRBSettings | The firmware on this machine is not supported., followed by the man page for firmwarepassd and then another error message of
No recognized command found.
ERROR | main | Exiting with error: 5.
The Set a firmware password on your Mac article on Apple’s website says
This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault.
even though that’s actually untrue, as you can turn FileVault on on both Intel and Silicon Macs (which protects the encrypted contents of the drive), but a firmware password prevents users from booting from any volume (including the recovery partition) apart from the startup volume, and an MDM-sent firmware lock prevents users from booting up the Mac at all.