To my understanding, we still need to identify and define the addresses that will end up being write protected when those switches are flipped and that’s something that ends up being defined within the firmware itself so it will come with a future firmware update.
The risk mitigated with this feature is similar to PureBoot–someone compromising your computer over the network and reflashing your firmware remotely so their attack persists. Having the write-protect switch enabled would mean that an attacker would need to have physical access to the computer (and you can add some tamper detection methods like glitter nail polish on screws to help frustrate that, or at least detect it, as well) and enough time to remove screws, flip the switch and/or attach a hardware flasher.