Firmware passwords of all kinds disabled for Silicon-chip Macs

I knew that firmware locks sent via MDM command didn’t work on the new Silicon-chip Macs, but I didn’t realize that the manual setting of a firmware password was also disabled (makes sense, since the two are probably linked in terms of how they’re implemented or the firmware mechanisms they use).

If you try to manually set a firmware password on a Silicon Mac using sudo firmwarepasswd -setpasswd, then you’ll get the error message

ERROR | SetupTRBSettings | The firmware on this machine is not supported.
No recognized command found.

followed by the man page for firmwarepasswd and then another error message: ERROR | main | Exiting with error: 5.

The “Set a firmware password on your Mac” article on Apple’s website says

This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault.

even though that’s actually untrue: you can turn FileVault on for both Intel and Silicon Macs (which protects the encrypted contents of the drive), but a firmware password prevents users from booting from any volume (including the recovery partition) other than the startup volume, and an MDM-sent firmware lock prevents users from booting up the Mac at all.
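
For fleet reporting, the distinction above means the two controls should be recorded separately, and a firmwarepasswd failure on a Silicon Mac should not be read as "no password set". The following is an added example, not part of the original post; the function name boot_protection and the output format are assumptions.

```shell
#!/bin/sh
# Added example: report firmware-password and FileVault state separately.
# boot_protection is a hypothetical helper; it only parses captured output,
# so it can be exercised with constructed strings as well as live values.

# boot_protection ARCH FIRMWAREPASSWD_OUTPUT FDESETUP_OUTPUT
boot_protection() {
    arch=$1
    fw_out=$2
    fv_out=$3

    case $fv_out in
        *"FileVault is On"*) fv=on ;;
        *)                   fv=off ;;
    esac

    case $arch in
        arm64)
            # Apple silicon: firmwarepasswd is unsupported, so its failure
            # is reported as "unsupported", not as a missing password.
            fw=unsupported ;;
        *)
            case $fw_out in
                *"Password Enabled: Yes"*) fw=on ;;
                *"Password Enabled: No"*)  fw=off ;;
                *"not supported"*)         fw=unsupported ;;
                *)                         fw=unknown ;;
            esac ;;
    esac

    echo "arch=$arch firmware_password=$fw filevault=$fv"
}

# On a real Mac, gather live values (firmwarepasswd -check needs root).
if [ "$(uname -s)" = Darwin ]; then
    # hw.optional.arm64 is 1 on Apple silicon, even under Rosetta.
    if [ "$(sysctl -n hw.optional.arm64 2>/dev/null)" = 1 ]; then
        live_arch=arm64
        live_fw=
    else
        live_arch=x86_64
        live_fw=$(sudo firmwarepasswd -check 2>&1)
    fi
    boot_protection "$live_arch" "$live_fw" "$(fdesetup status 2>&1)"
fi
```

A Silicon Mac with FileVault on reports firmware_password=unsupported filevault=on, which keeps the missing boot-volume restriction visible instead of folding it into the FileVault result.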
