“Bug” in FileVault Encryption of M1 Macs

Not a bug but a security feature. Mac's equipped with a T2 Security Chip or the M1 Apple Silicon chips are hardware encrypted at the factory out of the box. When you turn on FileVault it merely generates a recovery key and puts a new private key into the Secure Enclave within the T2 or M1 SoC processor.

When you first install macOS on one of these T2/M1 Mac's it will create an administrator account and that account has what is called a secureToken. Only accounts created by an account that holds a secureToken will be able to unlock the disk.

Your problem may have occurred wether or not the older 13" MacBook Pro is T2 equipped or not because Migration Assistant doesn't add the secureToken to the other two accounts you migrated. Likely one of the 3 accounts matched your primary account and that one migrated and kept the secureToken but the other two didn't exist on the M1 so they didn't receive a secureToken. When you created the other two new accounts they also received the secureToken which is required to unlock the disk.

The easiest quickest way to fix this would be to delete the 2 problematic user accounts without removing their home folders and then recreate them using your primary working account that has a secureToken. It is important that you set the same icon, name, login name and passwords. They will pickup on the existing home folders and that should fix it.

In System Preferences -> Users & Groups, unlock the screen with the gold lock bottom left corner. Then highlight the first account to remove and click the minus button at the bottom left. Be sure to click the "Don't change the home folder" option. Then go ahead and click Delete User. Then add the user back with the + button, set the same information for this user. Rinse and repeat for User #2. Then reboot and see those two users can unlock the disk at the pre-boot authentication screen.