Confusion around firmware and recovery lock remote actionsSolved

Oh, I noticed that too. I thought hexnode was messing with us for a second. Is it because of the Mac type or something else? 

Ah, that’s because Intel macs use a firmware password, so you see “Set firmware password” and “Clear firmware password”. Apple silicon Macs use a recovery lock password, which is why those actions show up instead. If you want a deeper dive, there’s a good thread on Connect that explains it:

https://www.hexnode.com/forums/topic/difference-b-w-firmware-password-and-recovery-lock-password/ 

As for why it shows generically in the manage tab, I think it’s just because you can pick multiple macs at once. Some might be Intel, some Apple Silicon, so Hexnode plays it safe and shows both options together. The passwords do almost the same job, but there are a few key differences behind the scenes.

Got it, that makes sense why they appear differently. But I’m still curious. There’s a Verify Firmware password remote action. Why isn’t there a Verify recovery lock password? Shouldn’t it have one 

Hey @casper,

Thanks for your question and a shoutout to @diane_ for clarifying why the actions show differently on Intel and Apple Silicon Macs and why the Manage tab uses a generic label.

Here’s the deal: Verify Firmware Password remote action exists because Intel Mac users can manually change their firmware password. This action lets IT admin confirm that the password still matches what was set via Hexnode or not.

Recovery lock passwords are different. They can only be set and managed through MDM, so users cannot modify them on the device. That means there’s no need for any verification.

Hope that clears things up. Feel free to ask if anything else seems unclear

Cheers,
Eden Pierce
Hexnode UEM

Ah, that clears it up. Verification is only needed for firmware since users can change it manually, while recovery lock passwords can only be set via Mdm. Understood.