Jamf

Recovery lock codes can be set in the PreStage for Jamf Enrolled MacBooks. Recovery Lock prevents access to the Recovery OS unless a user enters a 6 digit code assigned during the PreStage. In certain cases device code may become unknown. Most commonly this is due to a sync issue with the commands in the database. This type of behavior is noted in Product Issues such as PI122875 and PI111426.

If the PRK is unknown and the device is locked out Admins will need the Recovery Key to authenticate to the Recovery Volume. Because the Recovery Lock Password is unknown Admins will not be able to enter Recovery Mode to reinstall the OS.

In general, this process is extraordinarily hands on and requires significant investment of time from the Admin. If other remedies are available to get the admin into the MacBook, they should be pursued before proceeding.

Customers affected by issues like this have reported that Apple informed them that they would need to do an out of warranty logic board replacement. That appears to be incorrect and customers should be able to put the device back into service using the following workflow.

1. Must be Apple Silicon.
2. Must have a recovery lock set. 

This workflow was tested and confirmed on a MacBook Air M2 with a Apple Configurator on a MacBook Air M2 on March 17th, 2025

Connect the affected MacBook's DFU USB-C port to another MacBook. If you do not know which USB-C port is the DFU port, you can find it listed <a href="https://support.apple.com/en-us/120694" target="_blank" rel="nofollow noopener noreferrer">here.</a>

Boot the MacBook into DFU ( you have trouble, you can use <a href="https://twocanoes.com/products/mac/dfu-blaster/" target="_blank" rel="nofollow noopener noreferrer">DFU Blaster</a>, it's free for 14 days)

Utilize the Restore option in Apple Configurator or the Finder Window on the Mac that is connected to the DFU Booted MacBook. Documentation for this process can be found <a href="https://support.apple.com/en-us/108900#reviveorrestore" target="_blank" rel="nofollow noopener noreferrer">here. </a>Apple calls out using a revive prior to a restore. Based on the documentation, revive does not appear to remove the Recovery Lock and would still require authentication to the Recovery OS or Operating System OS to initiate an Erase All Content and Settings.

Once restore is complete, the device will boot to Setup Assistant. As long as the device is enrolled in Apple Business Manager, the Admin should be able to proceed from here as normal. If the device is not enrolled in MDM and has an Apple Account associated with it, the Admin would need to have the device removed from the user's Apple Account or authenticate to that account.

1. Connect the affected MacBook's DFU USB-C port to another MacBook. If you do not know which USB-C port is the DFU port, you can find it listed <a href="https://support.apple.com/en-us/120694" target="_blank" rel="nofollow noopener noreferrer">here.</a>
2. Boot the MacBook into DFU ( you have trouble, you can use <a href="https://twocanoes.com/products/mac/dfu-blaster/" target="_blank" rel="nofollow noopener noreferrer">DFU Blaster</a>, it's free for 14 days)
3. Utilize the Restore option in Apple Configurator or the Finder Window on the Mac that is connected to the DFU Booted MacBook. Documentation for this process can be found <a href="https://support.apple.com/en-us/108900#reviveorrestore" target="_blank" rel="nofollow noopener noreferrer">here. </a>Apple calls out using a revive prior to a restore. Based on the documentation, revive does not appear to remove the Recovery Lock and would still require authentication to the Recovery OS or Operating System OS to initiate an Erase All Content and Settings.
4. Once restore is complete, the device will boot to Setup Assistant. As long as the device is enrolled in Apple Business Manager, the Admin should be able to proceed from here as normal. If the device is not enrolled in MDM and has an Apple Account associated with it, the Admin would need to have the device removed from the user's Apple Account or authenticate to that account.

Restore an Apple Silicon Device with an Unknown Recovery Lock

Create a custom design with text, images, and links

Community

Training

Login

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Restore an Apple Silicon Device with an Unknown Recovery Lock

Description

Restoring Your Device