No, Secure Boot does not need to be enabled in the UEFI settings for Windows Automatic Updates to download and install updates on Windows 11. Secure Boot is a security feature designed to prevent unauthorized software from running during the boot process, but it is not required for the automatic update process itself. However, Secure Boot is a requirement for installing or upgrading to Windows 11, as it helps ensure a secure computing environment. In addition, neither Device Encryption nor BitLocker Drive Encryption need to be enabled for Windows Automatic Updates to download and install updates on Windows 11.
Hmm... Maybe it is another feature I'm thinking of. I do remember a few people mentioning they weren't getting auto updates in Win10 after secure boot was turned off. And I thought i read the same recently about Win11 device encryption on the Microsoft website - regardless of secure boot status I was assuming. There are definitely third party programs such as Adobe CSS which are mentioned as requiring secure boot turned on to work. Can't find anything official about that from adobe though. Some EA games require require secure boot on.. Apparently Valorent, is even stranger. The consensus is that it requires secure boot off. Maybe that's all anti piracy and anti cheating design logic?
I suppose that turning Secure Boot back on again before entering the correct key should stop the key prompt re-appearing on every startup.
Not what's being reported. Think that's why people are turning it off and on so many times causing SSD damage. People might want it back on without the prompt appearing, so they try to undo the changes that cause it.
It would probably be the order of
Turn off device encryption
Make changes that could otherwise trigger anti tamper
Turn device encryption back on with the assumption that it will now accept the changes as legit
Recovery prompt appears every boot now.
And to fix it so you might try
Turn off device encryption again - so you don't need your recovery key to boot every f*#!#*g time
Undo changes which cause the recovery prompt to appear, or try something else with the assumption when you turn encryption back on, you won't get recovery prompt,
Turn device encryption back on
Recovery prompt appears
Rinse and repeat.
That's one of those reasons why I always stick to the Home edition. Everything that I have stored on my Windows laptops is just not encrypted nor worth stealing.
Not sure that's relevant to what you are quoting. I was simply saying in that quote that reinstalling Windows will easily fix any corruption of the file system that an unbootable Windows is installed on. But you might trash your OEM preboot drivers by doing so, and they can be useful. Image your drive from within Windows before it can go bang. That means the partition Windows is installed on, the WinRE, OEM and EFI partitions as well.
On my old Medion laptop (system 2 in my specs), that came with Windows 10 version 2004 preinstalled at the time when I bought it at the local grocery store at the end of the year 2020, during OOBE it did ask me this question. It was just a simple text screen with light grey text on a black background. I aswered yes to see what it was about, as I had never heard of BitLocker on Windows 10 Home before. I turned it off some time after letting Windows 10 update itself to 20H2 along with all the other updates, uninstalling the free McAfee, and getting latest drivers. It's been off ever since.
I don't know anybody who has a Medion. don't get many for tech support either. And I'm not surprised really. I had a Medion desktop with XP years ago. Memory was toast after a year. Installed Linux on a Medion USB HDD though. That drive still works for backups to this day.
I have reinstalled Win11 on some Medion laptops I think, but I don't remember that OOBE setting. Maybe if you reinstall from a Windows USB it removes any OEM customizations, including the OOBE? The SSD was toast though, so no OEM partitions.
The Asus (system 1 in my specs) came with Windows 11 Home. On this laptop, Device Encryption was already on by default, but the padlock sign on the drives in This PC was showing unlocked (decrypted). So, all I had to do was turn off Device Encryption, and just keep it that way.
My most recent laptop is a ASUS G18. The padlock shows locked.
Honestly, what is the point of turning it on at install, even showing it in security settings as turned on just for it to actually be off anyway? Apart from the honest padlock, it's straight up lying to you. I mean what if you actually want it on? You would think it's on when it's actually off. And what else do you have to do if the padlock does show unlocked to actually turn it on?
"
Well, my aim is to follow this french tutorial: 
