It is secure boot specific which I believe is a in theory working but in reality a broken mechanism because of certificate logistics. We could also call it Microsoft Boot at this point. Sure, it will work better in Windows, but it comes at a hidden price.

Also, this won't give you too many benefits aside from convenience to skip one password entry, while any Saas will at some point leverage it against you if it every gets popular. That is basically the gist of secure boot or trusted platform in general right now.

Smartphones are trusted platforms and their software landscape is atrocious and predatory. Trusted platforming would move it in exactly the same direction.

Meanwhile boot viruses have become quite rare, because phishing and extortion is much more profitable.

Or you could just disable SecureBoot. I needed it for a specific use case on my laptop that had sensitive work related information (full disk encryption plus SecureBoot enabled).