You can, and for Linux generally have to, manage your own secure boot keys and signing your own kernal, united, modules, etc. Conacal and Red Hat have signing keys iirc, but distributions can and do get the shim boot loader signed so secure boot works. The arch wiki has a page on how to setup secure boot . Many distros installers do end up signed as well so you can go through the full install process with secure boot enabled.
It’s anything acidic from what I have found/read, the pamphlet that comes with mine mentions it. You can get a strong and longer lasting effect if you take calcium carbonate (aka antacids) around the same time.