The info on the bootloader is wrong. Secure Boot in UEFI is important to understand. The actual bootloader is the largest vulnerable surface area in a modern computer with a fully encrypted drive.

Linux itself does not support SB in the kernel. SB is a mechanism to steal ownership from the end user. You can find a document that says the exact opposite; typical of corporate gaslighting from the members of the UEFI consortium. The specification for Secure Boot includes a provision to allow the end user to create and sign their own SB key set. However, the design specification is not a required implementation and in many cases you will find this is not implemented in consumer grade hardware. There is a tool called Keytool that can boot directly into UEFI (wrap your head around that and you’ll understand why this might be important). Good luck finding solid documentation for Keytool though. Gentoo has a guide, but all Gentoo documentation assumes a very high level of competence.

The reason people have issues with Linux and W11 coexisting is because they are not addressing the issue of UEFI Secure Boot. W11 only works with SB. If you boot into a SB distro, it will do exactly what it is supposed to do and remove any unsigned bootable code.

If you can’t change SB keys for self signed, both Fedora and Ubuntu include a shim key outside of Linux. The final package manager signs this shim key with a Microsoft 3rd party key signing system m$ created. If you use one of these distros with a shim, you will not be able to mess with kernel space at all (read: potential Nvidia issues), but Linux and Windows can coexist in any configuration.

I never use W11, and I have a copy on a separate drive, but I have a W11 partition on the same NVME as Linux with no issues whatsoever using Fedora with the shim key.