Something like SecureBoot has been implemented for at least six years on motherboards I figure.
Many OEM hardware vendors would have a special key stored in the firmware somewhere. Without that key, the user can't reinstall the OEM version of Windows that shipped with the machine. I know this because when a motherboard would fail, we'd take one with the same form factor, size and compatible with the original CPU off-the-shelf and install it. Then we'd try to use the OEM Windows CD and no go - wont install. Called manufacturer and was informed that the replacement motherboard had not been "signed". Poor customer was forced to buy another copy of Windows or pay exorbitant cost for replacement OEM mobo.
It's a Lock-In scheme. Plain and simple.