Why is firmware lock option not available on Apple silicon
What’s the difference between setting up, as a security option, firmware lock in Intel Macs and not now having the same option on Apple silicon Macs?
MacBook Pro (M1, 2020)
The Apple Silicon Macs ALWAYS encrypt the boot disk. Enabling FileVault just requires a password for the Secure Enclave to start decoding the boot disk.
If the boot drive is removed from the Mac, it cannot be read by another computer because it does not have the Secure Enclave chip that did the encryption.
Basically, once you enable FileVault, it is impossible to access the data on the boot volume.
Granted the boot volume can be totally erased, and a new System put on the Mac, but on a FileVault enabled Mac the user data is never accessible to anyone that does not have the password.
And if you use "Find My" to mark the Mac as lost or stolen, it should lock up should it be allowed to access the internet.
Basically, the technology has moved on from firmware passwords. Also, firmware passwords created support issues.
BobHarris wrote:
But someone could not take the internal storage from an Apple Silicon (or T2) based Mac and boot it as an external drive, because they do not have the encryption key. The most they could do would be to erase the storage, and write their own stuff on it. Whether they encrypt it or not is a function of the hardware and software they use. But they do not have access to your data.
On many of those Macs, the internal SSDs are soldered in, so it would not be easy to take them and put them into an external drive with or without encryption.
On a few, like the Mac Studios and M2 Ultra Mac Pro desktops, you could actually remove the flash modules – but then, as you say, separating the modules from the decryption key would block anybody from making heads or tails out of the data. Including you – thus making "pulling the SSD out of a failed Mac, to try to make up for a failure to back up the machine while you still could" a thing of the past.
From the linked article…
"This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault."
But someone could not take the internal storage from an Apple Silicon (or T2) based Mac and boot it as an external drive, because they do not have the encryption key. The most they could do would be to erase the storage, and write their own stuff on it. Whether they encrypt it or not is a function of the hardware and software they use. But they do not have access to your data.
BobHarris wrote:
The Apple Silicon Macs ALWAYS encrypt the boot disk.
It might be more accurate to say that Macs with Apple Silicon chips, or T2 security chips, ALWAYS encrypt the contents of the internal SSD. I could be mistaken, but I believe that the real-time, whole-disk encryption is tied into the way these chips implement part of the SSD controller.
Thus if you were booting from an external drive, it would not automatically be encrypted in real-time.
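An added example, not part of the thread or of Apple's documentation: a small posture check that applies the rule quoted above (FileVault is the control on Apple silicon; a firmware password exists only on Intel Macs). The function name `assess` and the verdict strings are assumptions of this sketch; it relies on the macOS tools `fdesetup status` and `firmwarepasswd -check`, and the live part is skipped on systems that lack them.

```shell
#!/bin/sh
# assess ARCH FILEVAULT_STATUS [FIRMWARE_STATUS]
#   ARCH             output of `uname -m` (arm64 = Apple silicon)
#   FILEVAULT_STATUS output of `fdesetup status`
#   FIRMWARE_STATUS  output of `firmwarepasswd -check` (Intel only, needs root)
# Prints one verdict line: "ok: ..." or "action: ...".
assess() {
    arch=$1 fv=$2 fw=${3:-}
    case $fv in
        *"FileVault is On"*) fv_on=yes ;;
        *) fv_on=no ;;
    esac
    if [ "$arch" = arm64 ]; then
        # Apple silicon: there is no firmware password, FileVault is the control.
        if [ "$fv_on" = yes ]; then echo "ok: FileVault on"
        else echo "action: turn on FileVault"; fi
        return 0
    fi
    # Intel: check FileVault and the firmware password separately.
    case $fw in
        *"Password Enabled: Yes"*) fw_on=yes ;;
        *) fw_on=no ;;
    esac
    msg=""
    [ "$fv_on" = yes ] || msg="turn on FileVault"
    if [ "$fw_on" != yes ]; then
        msg="${msg:+$msg; }set a firmware password"
    fi
    if [ -z "$msg" ]; then echo "ok: FileVault on, firmware password set"
    else echo "action: $msg"; fi
}

# Live check, only where the macOS tools exist. Note that a shell running
# under Rosetta reports x86_64 from `uname -m` even on Apple silicon.
if command -v fdesetup >/dev/null 2>&1; then
    live_arch=$(uname -m)
    live_fw=""
    if [ "$live_arch" != arm64 ] && command -v firmwarepasswd >/dev/null 2>&1; then
        live_fw=$(firmwarepasswd -check 2>/dev/null || true)
    fi
    assess "$live_arch" "$(fdesetup status 2>/dev/null || true)" "$live_fw"
fi
```

Run it with `sudo` on an Intel Mac so that `firmwarepasswd -check` can read the setting.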