I want to upgrade to Windows 11 (from Windows 10) and I need to have "Secure boot" enabled.
My motherboard is "ASUS PRIME A320M-K (AM4)" and I've followed the steps of this video selecting the option "Windows UEFI Mode" but when I open the "PC Health Check" app it keeps saying that I need to enable secure boot. I don't know what else to do.
This is the video that I've followed (1 min long): https://www.youtube.com/watch?v=Z0QxzpfwEz4
And this is the screenshot of the PC Health Check app: https://i.imgur.com/UJVRmqY.jpg
Enabling secure boot cause PC to not boot
Will Windows boot if I disable Secure Boot?
Is it wise to enable Secure Boot and password protect my BIOS?
Can't find Secure Boot to enable on BIOS
Videos
The answer depends on how much of a conspiracy nut you are.
The technology is able to stop rootkits taking hold in critical parts of the filesystem, but the same technology can be used to prevent loading an "unapproved" Operating system - where Unapproved is defined by the maker of the system, not the owner of it.
I believe that (at the moment) Secureboot can be disabled in the BIOS and any system can be booted. It is, however, possible that a manufacturer could remove the functionality to disable Secureboot [ Maybe a big OS provider throws money at them ], which could limit what can be done with it.
To have a look at "What is possible", consider Smartphones. Some [ like Google and Samsung branded phones ] can load any version of Android - eg supported by Cyanogenmod, while others are locked into the OS which they came with and can't be upgraded - I believe LG do this, and Motorola used to do this (My wife had a Motorola which can't be upgraded from an ancient 2.x version of Android - forced obsolescence - I do note its possible Motorola have changed as they are now owned by Google). Anyway Locked bootloaders are commonplace in Cellphones, so if you are looking at the impacts, it might be a useful place to draw an analogy from.
The entire point is the "chain of trust" it creates. If I have a piece of software that I need to make sure that nothing malicious can intercept what I am doing and put their own code in I need to trust the program launching my program. To trust that program that launched my program, you need to trust the program that launched the program that launched my program, and so on and so on.
What Secure boot provides is a anchor for that first "trusted program". It allows the hardware on the computer to assert "No one has modified this bootloader and it will behave exactly like the original programmers programed". The boot-loader can then check "No one has modified this OS and it will behave exactly like the original programmers programmed". Then the OS can go "No one has modified this program and it will behave exactly like the original programmers programmed" and now you have a "trusted path" from your program all the way down to the physical hardware running the machine all verifying that nothing got in the way that could intercept or modify the behavior of your code.
Now what the Bootloader, OS, or program itself does with that chain of trust is entirely up to the company. The Bootloader could chose to only boot OS's from a specific vendor and you could not prevent that. The OS could choose to only allow software to run that was authorized to run (this is what Windows 8 RT does via the App Store) and you could not. The program could implement some from of DRM and you would not have a way to bypass it.
It is all up to the vendor of the software on how to use Secure Boot.