Simply: Do the protections against someone taking your computer and installing a malicious program before/as your OS, or a program that has attained root on your machine and installs itself before/as your OS, matter enough to you to justify the increased risk of being locked out of your machine and the effort to set it up and understand it.

If you don't understand and don't want to put in the effort to, then my advice would be to leave it off. Its simple, and the likelihood it saves you is probably very miniscule.

Secure boot has always caused me headaches in the past.

If you want the extra security, go for it. If you don't care, turn it off.

Short answer: off

Long answer: If you won't use your system for gaming (or anything requiring third-party drivers) and trust Microsoft to not fuck up and will also encrypt your disc, then Secure Boot makes you safer. Otherwise it just causes trouble.

I use Linux Mint and I disabled it because it was blocking the nvidia driver from initiating. I’m sure I could fix it, but can’t be arsed to.

Secure boot is a good thing. It's a security feature. You want it on whenever possible, unless it's a huge trouble (like if you have to start manually signing your own keys and adding them to the bios).

Edit: added the word manually

If you're not actually going to be engaging in securing anything with it, just leave it off to avoid issues.

As always, the answer is "depends". It shouldn't hurt unless you're dual-booting windows (they used it last year as a weapon in their "mess up grub" game), but, Imo, it's worth the trouble if:

• your data is also encrypted -- otherwise one just removes the HDD/SSD and reads what they need;
• you provision your own keys -- to not depend on Microsoft signing shims for you;
• you delete the already provisioned keys -- Microsoft signed a few vulnerable things, like one kaspersky's (iirc) live CD with grub not locked down, so one can boot up literally anything anyway;
• you lock down grub or whatever bootloader you're using -- otherwise you become that vulnerable live cd;
• you password lock the uefi -- otherwise one can simply disable the secureboot;
• your vendor's implementation isn't terribly buggy -- iirc, some MSI laptops would just ignore all the discrepancies.

So, a lot of ifs, and a necessity to store the uefi password somewhere safe, as those may be a pita to reset.

As for standalone stuff -- idk, it might protect you from malware injecting itself into the bootloader or something, but given there's likely no chain of trust (I.e. the bootloader doesn't check what it bootloads), it can move in on some later step.

Its main purpose is to prevent malware from booting. In my experience its main purpose seems to be preventing me from booting things I want like ventoy flash drives, nvidia drivers, and Linux distros that don’t support it. Same goes for tpm module. Its main purpose seemed to be the switch keeping win 10 from upgrading. I turned them both off and haven’t felt the strong need to turn them back on yet.

That said, and my bad computing habits aside, you probably should turn them ON. I’m not sure they will do all that much realistically speaking, but if it isn’t getting in your way (and it shouldn’t), then ON isn’t a bad default state to be in.

I was looking for an official documentation entry on this matter to share with OP, ideally something centralized like Fedora's RPM Fusion or the comprehensive Arch Wiki. While I found various user-created resources, I was surprised not to locate a centralized official documentation page addressing this topic. I'm quite familiar with Linux Mint's user-friendly approach, so perhaps I've overlooked something? I'd be genuinely delighted if someone could point me to such a resource, as it would be tremendously helpful not just for OP but for the community as a whole.

It's a layer of security. Keep it on when you can. If you have issues doing something, then turn it off (and see if you can turn it back on afterward).

If you want extra security turn it on or you want windows or any game (looking at you vanguard)to shutup about security boot being off
The only problem with security boot if you care about this is that it's managed by Microsoft(most of the time)

@ArchmageAzor secure boot is very low on your priorities. Start with FDE (full disk encryption). This should be the default in all Linux distros

On!

If you aren't sure, install with secure boot off. If you like adventure, install with secure boot on and see if secure boot causes problem or not. If yes, then install with secure boot off

i turned it on mine. Running linux mint and windows 10 ltsc on seperate hard disk. Havent turn into any problem so far.