The OP asked why secure boot is necessary. If you want full security at the cost of compatibility, then "The UEFI Secure Boot requirement ensures that a system boots with only code signed by either the device builder, the silicon vendor, or Microsoft. It does this by ensuring all code is signed by specific entities and by recording cryptographic hashes in hardware that can also be sent to the cloud to verify integrity. If a system can be compromised prior to the operating system boot, then all kernel, user and endpoint security tools can be completely undermined."
If on the other side you prefer full compatibility and you are using the internet carefully, then I just say Secure Boot is not absolutely necessary.
The final choice is yours. If you don't mind spending money on something you might not really need, who am I to judge you. Your money, your decision. I have made mine. I have already upgraded my main PC to Windows 11 (see 2nd PC specs) and so far I had no issues.
Security is all about layers of protection. The more layers, the better you are protected. This is well shown philisophically by the Swiss Cheese Model.
Each layer represents some security aspect e.g. layer 1 could be AV, Layer 2 could be Secure Boot, Layer 3 - Firewall, Layer 4 - Common Sense.
Each layer will have some weaknesses (the holes), and if really unlucky, all the holes line up and the "spear" gets through if aimed just right.
In the above, most "spears" will not get through.
The critical point is if you reduce the layers, you increase the chances of a "well aimed spear" particularly with the common sense layer as that will have more holes than other layers as "human error" is much more likely than a virus getting through an AV package.
Ok, maybe "secure boot is not absolutely necessary" but I contend that anything that reduces security is to be avoided.
The problem is many go one stage further e.g. turning off Defender as well (2 layers switched off).
Ok, I know this is all obvious to you and most users here, but when I explain it like the above to my relations and friends it just makes them think about what they are doing.
Equally, one should not become complacent - some believe the "marketing hype" that package XYZ is the best and then they stop thinking and completely destroy the "common sense layer".
In real life, the holes might be bigger than you think, e.g. an AV package may be susceptible to the latest viruses.
In the end, it is all about risk mitigation.
Incidentally, I do a lot of Risk Analysis in the Offshore Industry and we use a lot of techniques (LOPA - Layers of Protection Analysis, SIL - Safety Integrity Levels, HAZID - Hazard Identification etc) but they all boil down to one common theme - minimise overall risk by minimising ALL individual risk elements that you can think of where possible.
In the end, the same principle apply here as in many other aspects of life, driving, eating (except perhaps in marriage which defies all logic known to humankind LOL)
blogs.windows.com
