> Essentially, the question referenced here is that of ownership. Is it your device, or did you rent it from Apple/Samsung/etc.? If it is locked down so that you can't do anything you want with it, then you might not actually be its owner.
Both goals actually are possible to implement at the same time: Secure/Verified Boot together with actually audited, preferably open-source, as-small-as-possible code in the boot and crypto chain; for the user, the ability to unlock the bootloader in the EFI firmware; and, for those concerned about supply chain integrity, a debug port muxed directly (!) to the TPM so it can be queried for its set of whitelisted public keys.
The TPM can be programmed (i.e. designed) to lie about the whitelist, though.
That's where the open source part gets relevant. Harder to sneak in a backdoor when the entire design is open sourced, formally proven and (at least theoretically, given that this needs skill and is a destructive attack) everyone can verify with a microscope and a camera that the actual silicon layout matches what is specified in the design.