The purpose of this bootloader is to avoid executing malicious code sent over the internet, such as by a MITM attack.
The author explains that it does not attempt to defend against hardware attacks or attempts to replace the bootloader:
> SentinelBoot's threat model focuses on thin client devices which do not store their own OS and over-the-air updates (e.g. how phones are updated): both of these cases involve executable code being sent over a network, usually the internet. We ignore the risk of direct hardware modification, as an attacker can just swap out the bootloader (making any potential defence implemented by SentinelBoot in vain).