What exactly is a locked bootloader?

What exactly is a locked bootloader? As I understand if the boot loader is locked on the TV box I won’t be able to install CE. Is that still accurate? In my case I have a s905x3 TV box with a locked bootloader.

Does the bootloader reside inside the emmc? If so, why is it not possible to just replace it with an open bootloader? Does the CPU somehow only accept signed bootloaders?

Are there any vulnerabilities or mods to unlock the bootloader?
Is there perhaps a hardware vulnerability that can be used? (something like shorting pins or a mod through a serial connection?)
A quick google search suggests that it is possible to dump the bootloader, fuses and some other things using a vulnerability. Is this helpful at all? Is it perhaps possible to brute force the encryption?

How do other ROM makers use ATV, AOSP or SlimboxX3 roms to create custom rooms for my tv box if the bootloader is locked?

There are multiple levels of “locked”. And yes the hardest is when the bootloader is encrypted at all.
The public keys are burned into the SoC and you will need the private ones to encrypt your bootloader.
The lowest level of locked would mean just the boot option like from USB or uSD is removed.
So you need to analyze your hardware and see how it’s locked and if it’s possible to unlock or not.

Most issue with such hardware is when you run a Android firmware upgrade it get locked again. Maybe the “security issue” is closed as well and it can’t be downgraded or unlocked anymore.

My box is the A95X F3 Air with an s905x3 chip and android 9. I used to run coreelec on my box by booting it from the SD card slot. I have never tried installing the OS to emmc but everyone at the time told me that the bootloader is locked. Does this mean that I can’t install CE to emmc?

I don’t believe that cheap Chinese TV android boxes are capable of using better security than most smartphones. I bet the Chinese rom makers use the same keys across most devices too… It can’t be too hard to make a signed bootloader. Or can it?

I’m just browsing some forum threads because I haven’t been active for a few years.
I have now discovered that s905x4 boxes usually have a locked firmware by default! Is this normal now? Are there any cheap chinese boxes with s905x4 and unlocked boot loaders?