My understanding is that Apple didn't try to block anything, Linux just lacked appropriate driver support for their disk.
It is a testament to how far Linux on the desktop has come that our first assumption when Linux doesn't boot on a new machine is "The megacorp is using secret cryptography" and not "eh, missing drivers."
"Missing drivers" doesn't quite accurately convey what Apple did. They bastardized the NVMe spec, requiring OS developers to add Apple-specific workarounds to their existing drivers.
Sure, but it's not like "Vendor didn't quite implement a spec the way they should have, requiring driver quirks" has never happened before in the history of Linux drivers....
I can't recall any NVMe device requiring as many workarounds as the Apple T2. Usually it's something along the lines of certain power states not working as intended, or the drive not providing a unique identifier. Apple changed the size of fundamental data structures, botched the interrupt handling, imposed unnecessary constraints on the mixing of IO and admin commands, and effectively broke one of the biggest performance advantages of NVMe (multiple IO queues).
And some vendors actually help with the development of workarounds for their broken drives, and push out firmware fixes when possible so that the workarounds can be disabled on newer or updated devices.
It is a testament to how far Linux on the desktop has come that our first assumption when Linux doesn't boot on a new machine is "The megacorp is using secret cryptography" and not "eh, missing drivers."