Well, I don’t have Windows (except some on VM’s) and I don’t really care for secure boot.
I use Debian exlusivley.
I also dislike snaps and flatpaks a lot, and I dig up the net for real .deb packages, or cook them myself from source, or ripped binaries.
So this stuff is really new to me as well.
As I read, because of secure boot you need to sign DKMS modules. As part of the signing process you need to provide a password, which is then used for signing upon first reboot.
If I understand correctly, this is a one-time process, once the module got signed, you don’t need that password anymore.
If I understand correctly, if you mess up something really badly, you won’t be able to boot Ubuntu.
This seems to be the worst scenario in this case, however all other OS remains bootable, including Windows.
If you want to avoid being slapped for absolutely sure, do backup!
Backup!
As always, if you have a backup, the worst thing can happen then you will need to reinstall, and restore.