Locking down the boot drive is to try to prevent someone with physical access to the machine from booting from another drive.
This is about preventing malware from replacing the bootloader with malware that loads before the OS and antivirus software.
Of course, the method by which it does it is not that it prevents malware from replacing the bootloader, but rather that it prevents the machine from booting when malware has replaced the bootloader. In other words, malware that messes with the bootloader will make a Secure Boot-enabled machine unbootable until it is cleaned with some other system. So it makes sure you know something messed with the bootloader by making your system unbootable.