The serial is written to CPU fuses at the factory on M1 and newer. This is write-once memory; there's no changing it once the fuses burn. The only possibilities are finding a way to set Reduced Security without using Startup Security Utility, or finding an iBoot vulnerability in one of the early versions of the firmware. This isn't something an average tinkerer with some soldering skills is going to figure out.
Serial numbers on Apple Silicon work differently from previous generations. The CPU stores its own unique ID in its fuses, which, as stated above, cannot physically be changed....
Re: Macbook M1 bypass FMM / EFI Unlock
We need to determine how the bootloader unlock is actually performed, whether it's a bit flip on the SSD or in the SEP. If it's in the SEP, you're shit out of luck. If it's in the info partition, then there may be a way to unlock it manually with write access to the chip. It seems unlikely that Apple would overlook such a glaring security hole, though, so don't hold your breath. If someone can gain code execution prior to activation, then there may be a way to unlock iBoot and install Asahi or a modified macOS install with activation lock removed....
Last edited by TheSynthax; 12-06-2022, 12:14 PM.
Re: Macbook M1 bypass FMM / EFI Unlock
I assume the secure boot switch is more than just a bit flip, right? Has anyone taken a dump before and then after turning off secure boot? With secure boot off, it should be possible to use m1n1 or Asahi and just hacktivate macOS like an old iPhone. Obviously a bit more complicated than that, but with secure boot off it should be quite easy to access the filesystem and bypass setup.