Therefore, with OpenCore 0.7.4, and:
UEFI Secure Boot disabled
TPM 2.0 enabled (fTPM)
Windows on my Z370 build has been upgraded to 11 without any tweak, and it can still receive updates.
macOS 11 in the separate SSD is unaffected and still let me write this post.
I ran the latest PC Health Check app on Windows and my Z370 build fulfilled the requirements of Windows 11, but UEFI Secure Boot was disabled. If Windows 11 can run without problems when UEFI Secure Boot is capable but disabled, I won’t have any motivation to set anything related to UEFI Secure...