secure boot is a uefi feature, not present in legacy bios; it is really limited and is just a whitelabel-based signature check on firmware and other software that are loaded at boot.

They are mostly useful to lock-in users and prevent utilizing their hardware with "not-approved software"; the security aspect is mostly a joke.

If your machine is recent and the hardware is still supported by vendor you may consider keep secure boot on, to have some security on what software is loaded in your machine.

If your hardware is old enough, maybe you want to disable it and replace all the software your machine runs with the update community maintained updated versions, installing linux, foss bootloader, even foss bios with coreboot if its supported.