This is still normal and these errors and locks are understandable.
At the very beginning there was an unpleasant bug: If an error occurred while restoring macOS on an iMac Pro from TimeMachine, the user encountered a problem with a new OS installation.
On computers with the T2 chip, you must enter the local administrator password in the installed OS before erasing the disk in Recovery, but since TimeMachine restored only part of macOS, it was no longer possible to enter the password.
I also went down in history with my Mac Mini on the M1 chip:
There are 2 accounts on this computer: local administrator and ActiveDirectory domain user account.
For secure exchange of credentials, I set up encryption and signing traffic "dsconfigad -packetencrypt ssl -packetsign require", but since the domain certificate has an obsolete secure hash algorithm type, I had to add domain controller certificates to Keychain for authentication to work.
After updating the OS on the domain controllers, I forgot about this setting. As a result, authentication simply stopped working, and the login worked using a mobile account.
I didn't write down the password for my local administrator account, and of course I forgot it a year later.
I thought I could easily reset the password from the local account in Recovery using "resetpassword". BUT it turned out that on new computers you can't reset the password of only one account, you need to reset it on all. But it is not possible to reset the password in Recovery in a domain account, which is understandable.
I was furious.
I had to erase the disk and reinstall the OS.
But I'm glad I've gone this way and now I know about it.