What is the purpose of the tri-state BootstrapTokenAllowedForAuthentication value?

What is the purpose of the tri-state BootstrapTokenAllowedForAuthentication value in the SecurityInfo response?

allowed, disallowed, not supported are the possible values

https://developer.apple.com/documentation/devicemanagement/securityinforesponse/securityinfo?changes=latest_beta

During WWDC2020 and when the key was a boolean it seem to be that the key was to indicate if a bootstrap token existed on the device, but that doesn't seem to be the case now with the allowed, disallowed, not supported values.
We'll have some published text coming shortly, but here's a quick version:

This value specifies whether the Secure Enclave Processor (SEP) supports and allows secure operations to use the Bootstrap Token. The value is automatically set for devices enrolled through the Device Enrollment Program (DEP). The user can also manually set this value in the RecoveryOS. Currently, only supported on Apple Silicon devices.
What is the purpose of the tri-state BootstrapTokenAllowedForAuthentication value?
 
 
Q