alt Hacker NewsI don't think it's fair to describe MDM as a firmware-level feature. I think it's entirely implemented and enforced within the environment of a booted macOS; the firmware isn't going to be bringing up a whole network stack to phone home.
If you had Linux on a MDM-enrolled Mac there wouldn't be anything MDM-related running during or after the boot process. But presumably any sane MDM config would prevent the end user from accessing the settings necessary to relax boot security to get Linux installed in the first place.
Yeah, your point about implementation is correct -- much of the MDM functionality runs within macOS.
But, eh, I still think it's fair to describe it as a feature of the firmware. The enrollment and prevention of removal have firmware-level components through Apple's Secure Boot and System Integrity Protection. A user can't simply disable MDM because these firmware-level protections prevent tampering with the enrollment.
Case in point, getting Linux installed in the first place would be blocked by firmware-level boot policies, right? I'm not too knowledge about this, and maybe you are more so.