
Will Enabling Secure Boot as Default is Off for Z790 Hero affect my PC in any way?

KevGuy378
Level 7

I have an Asus Z790 Hero and Secure Boot's Default Setting has always been set to Off which I never changed since it was set that way when I built this PC with Windows 10 installed years ago.

I rarely touch any of the security stuff and only have XMP on so my TPM 2.0 has always been enabled for me but not Secure Boot. 

I was going to play the Black Ops 7 Beta but it requires Secure Boot Enabled, which is Disabled, so I wanted to know if there is anything I should be wary about or look out for when enabling Secure Boot after having it off this long? Thank you!

Here are my Specs:

  • I use MoKiChU's Drivers and Firmware Updates
  • ROG Maximus Z790 Hero
  • Bios 1801 - This Bios has been the most stable for me
  • Windows 10 22H2
  • i9 12900K Intel CPU
  • Nvidia Geforce RTX 3090
5 REPLIES 5

MrAgapiGC
Level 16

Most probably, once it is active, the NVMe disks will not appear since they are on legacy. That needs a clean install once the NVMe SSDs are secure erased. Even though there are tools that do this, it is better to back up everything. But if you need this, it is better to make a clean install of Windows and also use the latest BIOS, which you should use.

 

NOTE: the phrase "stable BIOS" does not exist on Intel boards for the 12900K; you can use the new BIOS with any issues since the fixes were done to the 13th and 14th. I use a 12700K with Intel and sometimes the Asus thingy and it works perfectly.

To use everything in harmony you need to use the latest BIOS, and even more so with the new 25H2.

Learn, Play Enjoy! We help and collaborate, NOT complain!

Wesley1
Level 12

Start with this: https://help.ea.com/en/articles/technical-issues/secure-boot/

If you have UEFI boot (new way) it won't affect your system, but if you have Legacy boot (old way), your system won't boot.
If you have Legacy you need to convert OS partition from MBR to GPT, and only then enable UEFI along with SecureBoot.

I am using UEFI Boot but I'm just unsure what gets affected if I change the settings in the Boot Tab Section below to Enable Secure Boot.

So these are currently the settings in my Boot Tab in Bios:

  1. CSM Section: Launch CSM is Disabled

Secure Boot Section:

  1. Secure Boot State: User
  2. OS Type: Other OS
  3. Secure Boot Mode: Custom

Will Changing these settings affect:

  1. Connections like Monitors, SSDs, SSHD, GPU, iGPU, Elgato and the like somehow?
  2. Does it change or reset the current Boot Keys in 'Key Management' ie. PK, KEK, DB, and DBX?
  3. And lastly when I change 'Launch CSM to Enable', what should I set these values to?
  • Boot Device Control - Configuration options: [UEFI and Legacy OPROM] [Legacy OPROM only] [UEFI only] ?
  • Boot from Network Devices - Configuration options: [Ignore] [Legacy only] [UEFI only] ?
  • Boot from Storage Devices - Configuration options: [Ignore] [Legacy only] [UEFI only] ?
  • Boot from PCI-E/PCI Expansion Devices - Configuration options: [Ignore] [Legacy only] [UEFI only]

Thank you for the help!

Too much info for a simple task. Let me help. Send me a message aside and we can coordinate.

NOTE: most of this is on default once the BIOS is added UNLESS you have a legacy system on your hard drive (NVMe, SSD, mechanical). IF those are on legacy they WILL NOT APPEAR on pure UEFI.

1. You need to use the new BIOS.

2. In order to use the UEFI Secure Boot ecosystem, you need: 1. CSM disabled. 2. OS Type: UEFI. 3. Secure key; here there are 2 options: standard (if you want to use ONLY Windows) or custom (if you want to use something else, like dual boot for Linux distros). The standard one is a very Windows thingy and is more secure.

And that is it; the rest is 100% irrelevant.

NOTE, CONS: you need to play with the monitor menu in order to POST correctly. THERE IS NO FIX for this.

NOTE, CONS: if your HDs are on legacy they will not appear on UEFI. Here you can back up externally and format later. In the BIOS, for SSDs and NVMe drives there are secure erase options, BUT MAKE SURE to do this ONLY on pure UEFI.

There is something else aside in order to make Armoury Crate work, but those things I only pass along aside, not on forums, since they are my own tricks and tips that I have helped with for years, so they always work. The process is fast and it is only time to wait.

I will be up for another 4 h since it was a long day.

Cheers

Learn, Play Enjoy! We help and collaborate, NOT complain!

SecureBoot is mostly a Windows thing and was, I think, introduced by Microsoft.

If you have a standard UEFI system, which boots from SSD into Windows 10/11, it won't matter much.

If you have dual boot (Linux and Windows), it might not work; only a few Linux distros support SecureBoot, and they need custom configuration (I'm not an expert on this).
If you boot from a network drive it might not work.


For Windows 10/11 SecureBoot to work, you need to set:
- Launch CSM [Disabled / UEFI Only].
- OS Type [Windows UEFI mode]
- Secure Boot Mode [Standard]

If you have some bootable USB, you need to recreate them with Rufus to support SecureBoot; that includes the Windows 11 installation USB (oh irony, it does not boot in UEFI :D).

If you already have UEFI with a Windows 10/11 installation on a GPT partition, then SecureBoot can always be disabled, and it is a matter of going to BIOS and changing a few options (reverting the above settings to default).

What SecureBoot does is check the signature of the boot loader, and Windows establishes a security chain based on that.

If it finds an unsigned boot loader, like on a legacy USB drive, it will pop up a warning message and stop booting. You can always bypass this by disabling SecureBoot at any moment by going to BIOS, but the idea here is to work only with signed boot loaders, which in theory improves system security against malware attacks, blocks shady device drivers from loading and blocks loading of kernel-level cheats.

But there is always some bypass to everything and SecureBoot is not 100% bulletproof, and on some motherboards, due to human mistake, SecureBoot was compromised.
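
The prerequisites the replies in this thread name (UEFI rather than Legacy boot, a GPT rather than MBR system disk, the current Secure Boot state and the enrolled PK/KEK/db/dbx keys) can be read from Windows before any BIOS setting is changed. The PowerShell function below is an added example, not part of any post in the thread; the name `Get-SecureBootReadiness` is made up for illustration, and it assumes an elevated Windows PowerShell 5.1 or later prompt.

```powershell
# Added example: read-only pre-flight check for an elevated PowerShell 5.1+ prompt.
# It changes nothing; it reports the state to note down before editing BIOS settings.
function Get-SecureBootReadiness {   # hypothetical name, for illustration
    # Firmware mode Windows booted in: 'Uefi', or 'Bios' for Legacy/CSM boot.
    $firmware = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Disk holding the Windows boot volume; PartitionStyle is 'GPT' or 'MBR'.
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1

    # Confirm-SecureBootUEFI returns $true/$false under UEFI and throws under
    # Legacy boot (or without elevation), so an exception is reported separately.
    try {
        $state = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch {
        $state = 'Unavailable (Legacy boot or not elevated)'
    }

    # Which Secure Boot key variables are enrolled right now. Re-run after the
    # BIOS change and compare to see whether Key Management was touched.
    $keys = foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
        try {
            $null = Get-SecureBootUEFI -Name $name -ErrorAction Stop
            "$name=present"
        } catch {
            "$name=missing"
        }
    }

    $verdict = if ($firmware -ne 'Uefi') {
        'Legacy boot: convert the OS disk to GPT and switch to UEFI first'
    } elseif ($bootDisk.PartitionStyle -ne 'GPT') {
        'UEFI firmware but the boot disk is not GPT: resolve before enabling'
    } elseif ($state -eq 'On') {
        'Secure Boot is already enabled'
    } else {
        'UEFI + GPT in place: the prerequisites named in the thread are met'
    }

    [pscustomobject]@{
        Firmware       = $firmware
        PartitionStyle = $bootDisk.PartitionStyle
        SecureBoot     = $state
        Keys           = $keys -join ', '
        Verdict        = $verdict
    }
}

Get-SecureBootReadiness | Format-List
```

Saving the output before and after the BIOS change gives a direct comparison of the key variables and the Secure Boot state.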