...systeminfo my BIOS Mode is UEFI but in BIOS it is UEFI+Legacy. Can't I enable them without set UEFI+Legacy to only UEFI?
Ryzen 3600 CPU's do have an fTPM that's 2.0 compatible, so you are good to go there.
I've noticed that oddness with my BIOS too (TUF B550m Plus/5800X) ...that is, it has a UEFI+Legacy setting and it reported it was in UEFI mode with Secure Boot enabled. I'm not sure what it meant, but I flipped it to UEFI mode only with no issues encountered. Apparently it didn't matter which setting it was in as the machine's in UEFI mode with secure boot either way.
You said you only just installed Windows11, so I assume the OS is "pristine" and new, so to speak. If so, now's the time to switch everything on so first is to enable Secure Boot, but do not mess with custom keys. If the system is NOT in UEFI mode it will not let you turn on secure boot. Then also turn on the fTPM...it may be called a "security processor" in BIOS settings, that's the case with mine.
If the OS refuses to start you can reset CMOS, even re-install Win11 if you need to since it's fresh. So not much lost. The best way to install the OS is with UEFI enabled, Secure Boot enabled and the fTPM enabled. That way it knows exactly what to do and sets up correctly. Most recent BIOS' enable those things by default.
BTW: from within Windows, go into the Device Security systems settings (type it in the Search box). You're looking to see if you have the Security Processor and Secure Boot enabled at least. You might also need to enable SVM in BIOS: that's Secure Virtual Mode which allows apps to create secure virtual machines. It can create problems with other apps though so I leave it disabled unless it's needed.