EFI Secure Boot

Leave Secure Boot alone in the BIOS. Fedora already has a signed kernel and is automatically able to boot with Secure Boot enabled.

The only time it interferes with Fedora is when the user tries to use certain devices that have their own compiled drivers that do not come directly from the Fedora repos. Examples are NVIDIA and VirtualBox. In that case the system will still boot but will not load the unsigned modules.

When using those devices or software, either disable Secure Boot without altering the keys used (unsigned modules would then load), or alternatively create your own key and enroll it into the BIOS so the modules can be self-signed and will load with Secure Boot enabled.

For software built from akmod packages, the user can install akmods and then follow the instructions at /usr/share/doc/akmods/README.secureboot to generate the key and import it into the BIOS. After that, each module built with akmods will be automatically signed for use.
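
A check for the situation described above, as an added example that is not part of the original post: it reports the Secure Boot state and whether each named module carries a signature, so an unsigned driver is noticed before it silently fails to load. It assumes `mokutil` and `modinfo` are installed and relies on the `signer:` field that `modinfo` prints for signed modules; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find modules that Secure Boot
# would refuse to load because they carry no signature.

# Read `mokutil --sb-state` output on stdin; succeed if Secure Boot is on.
secure_boot_enabled() {
    grep -q '^SecureBoot enabled'
}

# Read `modinfo` output on stdin; print the signer, or nothing if unsigned.
module_signer() {
    sed -n 's/^signer:[[:space:]]*//p' | head -n 1
}

# Classify one installed module by name. Returns 0 signed, 1 unsigned, 2 missing.
check_module() {
    info=$(modinfo "$1" 2>/dev/null) || { echo "$1: module not found"; return 2; }
    signer=$(printf '%s\n' "$info" | module_signer)
    if [ -n "$signer" ]; then
        echo "$1: signed by '$signer'"
    else
        echo "$1: UNSIGNED"
        return 1
    fi
}

# Only runs when module names are given as arguments.
if [ "$#" -gt 0 ]; then
    if mokutil --sb-state 2>/dev/null | secure_boot_enabled; then
        echo "Secure Boot is enabled: unsigned modules will not load."
    else
        echo "Secure Boot is disabled or its state is unknown."
    fi
    for m in "$@"; do
        check_module "$m" || true
    done
fi
```

Pass the module names to check as arguments, for example `nvidia` or `vboxdrv`; a module signed with your own enrolled key shows that key's name as the signer.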