TLDR: Microsoft worked with Intel and AMD to develop Pluton which is basically a TPM chip designed to prevent running non-microsoft approved software. It will likely make it impossible to boot un-approved linux distros, bsd, and likely will make it very hard to run any un-approved software in the future.
This CPU "feature" is very likely to be a requirement for Windows 12 in 2024. Meaning nearly every computer available will have this and the majority of manufactures will not allow you to unlock the bootloader.
Similar situation to running LineageOS or PostmarketOS phones. For now, it can be "disabled" in bios on most of these computers, but that's simply a choice the OEM is making and will no longer need to make once this has become prevalent without any real pushback.
They claim that this is for better security from malware or whatever which is clearly ridiculous considering they've had decades to improve Windows's security model by introducing some level of sandboxing, even just for the file system or something like that, but the closest they've gotten is UWP which was a flop, and now non-UWP non-sandboxed apps are in the Microsoft Store right next to the more secure ones, with no obvious distinction.
like how many people's computers have gotten malware, how many companies have been hacked, etc. and they haven't done a single real thing to address that other than promoting their anti-virus. Even though anti-virus software is the dumbest thing. All they have to do is provide a way to prevent Windows applications from accessing files that aren't part of the program. Allow regular .exe type applications to self-sandbox and have File Explorer show a little icon or something indicating it's a "secure app". But they won't do that. I think they probably like malware because they can get consulting fees or something like that from companies that are attacked.