There might actually be a reason to enable it everywhere if it is compiled in the kernel and that is a developer currently (ab)using features that will get restricted with lockdown, especially if said developer is running his own kernel, didn't set up secure boot and/or is on a distro that doesn't turn this on.
For example lets say such a developer is using distro X which doesn't compile the kernel with lockdown enabled now they get a bug report from someone using distro Y which does have lockdown enabled but from the bug report this might not be clear. The dev can't reproduce it and so tries to get distro Y installed in a VM but this VM has no EUFI secure boot so lockdown doesn't get enabled and thus still can't get it to reproduce.
I think there are 2 ways around this the first is to have lockdown always enabled even on non-secure boot platforms (if it is compiled in the kernel) or have the kernel (or other) logging/errors be explicit in why something got blocked (haven't looked at this so might already be in, hopefully)
no subject
For example lets say such a developer is using distro X which doesn't compile the kernel with lockdown enabled now they get a bug report from someone using distro Y which does have lockdown enabled but from the bug report this might not be clear. The dev can't reproduce it and so tries to get distro Y installed in a VM but this VM has no EUFI secure boot so lockdown doesn't get enabled and thus still can't get it to reproduce.
I think there are 2 ways around this the first is to have lockdown always enabled even on non-secure boot platforms (if it is compiled in the kernel) or have the kernel (or other) logging/errors be explicit in why something got blocked (haven't looked at this so might already be in, hopefully)
Does this make sense or am I just rambling here?