secureboot is a nightmare from user perspective. its not a simple case of enabling it like some buttons and options might have you beleive. besides kernel taint from major vedors refusing to sign their kernel binaries there is actually tons and tons of stuff to be aware of. grub is one cog in the machine which is difficult to understand and configure (including external config options like kernel options which affect it somewhat).

sometimes i liken secureboot to zero trust. its more a concept than a technology. shame some features and options are having it as the name, misleading people with a simple misconceived string value :<