You have to Root your phone to install custom firmware.
Rooting disables some of the built-in security features of the operating system, and those security features are part of what keeps the operating system safe and your data secure from exposure or corruption. Since today’s smartphones operate in an environment filled with threats from attackers, buggy or malicious applications, as well as occasional accidental missteps by trusted users, anything that reduces the internal controls in the Android operating system represents a higher risk.

Quantifying that increased level of risk is hard, because it depends on how the phone was rooted and what happens next. If a user roots their smartphone and doesn’t do anything outside of normal day-to-day usage, it becomes difficult to point and say, “This is a big security problem.” But if a rooted phone stops checking for software updates and security patches (or cannot install them because the kernel is no longer signed properly), then even a phone used in a very normal way slowly turns into a ticking time bomb running old software and applications.

Many users root their phones and then engage in unsafe behaviors, such as installing pirated applications or malware — even unintentionally. In that case, the security risk rises quickly.

A rooted smartphone — especially one that doesn’t get updated — creates a security problem that gets worse over time. Similarly, some of the important security features of smartphones, such as Samsung’s Trusted Execution Environment (TEE), can be disabled when a smartphone is rooted. Then, applications dependent on the security of TEE for encryption key storage or home/work partitions, for example, either stop functioning entirely or are no longer secure.

Samsung Knox also has rollback protection as part of the trusted boot process. Another favorite rooting technique is to load an older version of the Android operating system with an old bug that makes it easy to root the phone. With Knox-integrated phones, though, once a new version of the operating system has been loaded, it can set a minimum version number in the TEE, and the smartphone can detect if the operating system meets the minimum requirement. Depending on where the device is in the boot process, it will either refuse to load older, buggier versions of the operating system, or in some cases, it will boot up but clear out the secure area in the TEE, which has decryption keys in it, effectively wiping the phone’s data storage. Rollback protection is a one-way street — no amount of factory resetting the phone will clear this information out, so once a phone has been patched and the rollback protection updated, it can’t be unpatched by someone trying to root it.
Once you Unlock the Bootloader of your phone, you can Root your device, Install Custom ROM, Custom Recovery, Mods, etc.

The bootloader is a handy feature that will allow you to do advanced stuff with your android.
The phone warranty will get void.Samsung Galaxy Note 10 will no longer Secure.You may face lagging issues on Samsung Galaxy Note 10.If anything goes wrong, then your device is bricked.

"What is eFUSE? it’s a technology that allows reprogramming a read-only memory chip in real-time, even though such chips come with hard-coded code that cannot be generally changed after manufacturing. When flashing unofficial software on the device, the status of the system and KNOX is switched to CUSTOM while increasing a binary flash counter, which helps Samsung find out whether the device has been tampered with. However, while Chainfire’s TriangleAway app has let users switch the status back to official and reset the flash counter until now, the KNOX status is based on eFUSE – basically, once you flash custom kernels or root the Note 3, the KNOX code gets rewritten, and this constitutes hardware damage."

According to https://en.wikipedia.org/wiki/EFUSE : "In computing, eFUSE is a technology invented by IBM which allows for the dynamic real-time reprogramming of computer chips. Speaking abstractly, computer logic is generally "etched" or "hard-coded" onto a chip and cannot be changed after the chip has finished being manufactured. By utilizing a set of eFUSEs, a chip manufacturer can allow for the circuits on a chip to change while it is in operation. The primary application of this technology is to provide in-chip performance tuning. If certain sub-systems fail, or are taking too long to respond, or are consuming too much power, the chip can instantly change its behavior by "blowing" an eFUSE."

I'm interested in the physical method being used to set the warranty void bit. This sounds to me like there is an actual fuse of some kind on the ROM memory chip that will, what, overheat and kill itself when Knox is tripped? Maybe there is just a bit of solder somewhere that gets some current passed through it If Knox is tripped and the solder melts and this is the "rewriting" of the code mentioned in the first quote? Perhaps someone can answer this or point me at a discussion somewhere that goes into the physical methods of this particular use of an efuse.

But If I Flash The Stock Firmware Again , It Should Bring Some Of Knox & Other Apps To Working Stage If Not All !! Right ???🚫

Once Your Phone's Knox Has been Tripped, You can Never Enable it Back again, The Super Disadvantages Are That You'll not be Able to Use A Lot of Apps Which Requires Knox, Such As
1. Samsung Pay
2. Samsung Secure Folder
3. Samsung Health and My Samsung Apps
Tripping Knox also Means You Have Voided your Phone's Warranty Which is Fortunately Only for 12 Months, So If You have Voided your warranty after 12 months, Then there is nothing to be scared about, But tripping Knox have been so Dangerous.
And Yes, No More Banking Aps on your Phone