What is the default and mening of set_supervised_boot_policy?

I see that in the API there is a set_supervised_boot_policy.

I wonder - if I’ll never call this method, what is the default value?
Is it 0?

Does this mean that the default policy is “do nothing” the SCM will recognize that some of the boot files are not as they supposed to be in the manifest but will not “react” in any way?
In other words - can the attacker, modify some of the boot files and, by default, if this set_supervised_boot_policy is not configured, the SEN will just boot up and decrypt the root FS?

Or do I get the meaning of this API incorrectly?

Thanks in advance!