About 3 days ago I bought a brand new system and did a clean install of 23.04. I did not have secure boot enabled. I then spent the next 3 days installing software to get my system up to a fully running state.
In my GNOME 'settings' configuration I found 'Privacy' and then 'device security'. It seemed I failed a lot of tests, including a tainted kernel ('vboxdrv' was the cause). I removed the tainting program [which is a problem as I need the program (VirtualBox)] and then tried to fix as many of the failed checks as I could... including turning on 'Secure Boot' in the BIOS.
I set it to 'Windows' & 'standard'.
My question is this... by turning this on, I imagine I get a certain level of protection. But have I locked in a potentially compromised system by doing this? Should I have had secure boot from the very start, or is it OK to turn it on now?
I now pass all of HS1, and some of the others. Am I making too much of this feature?
This question is asking for opinions, which may vary wildly and confuse more than help. Security is a broad topic.
Improving your device security settings is rather like locking one window of your home: It helps (let's say that again: IT HELPS). It's not a complete security solution. There are other windows for an intruder to enter...or simply peer through.
Good security is more a set of good habits and a bit of learning than any particular single tool.
For an excellent primer from a professional on the many facets of good security and good habits, I recommend episodes 152-156 of the Ubuntu Security Podcast.