After a BIOS update I lost my ability to boot into my NixOS install, it instead booted right into my Windows partition that I only keep around for certain games that NEED it (mainly Battlefield 6). I used a USB drive with refifind (NixOS minimal boot) to boot into my local NixOS install again to confirm everything was still there, and it was… so I guess I just needed to reinstall systemd-boot.
I ran nix-shell -p efibootmgr --run "efibootmgr -v" to verify what is set to boot and noticed that my Linux was no longer present and only the Microsoft one was there. I then ran sudo bootctl --path=/boot install to put systemd-boot back into the bootloader partition (I still dont know why it got removed but I just assume Windows jank).
Now it boots without secure boot! Enabling Secure Boot causes the BIOS to complain that they keys aren’t present, though Windows can still boot.
I tried to put the BIOS into Setup Mode for Secure Boot, but it would always reset itself back to User mode on the reboot after. Confusing.
Apparently in the BIOS I had to go into Secure Boot -> Expert Key Management and set Factory Key Provision to Disabled, and only then I would be allowed to Reset into Setup Mode. This let me stay in Setup Mode.
At that point, I was finally allowed to enroll my keys via sudo sbctl enroll-keys --microsoft, rebooted, and enabled Secure Boot for reals. Confirmed I could dual boot into both Windows and Linux (though Windows forced a PIN reset, presumably a precaution for me messing with Secure Boot) and all is back to normal.