So if I disable secure boot, install Ubuntu, and then reenable secure boot, it does boot the installed OS.
And if I run mokutil --list-sbat-revocations
it lists:
sbat,1,2023012900
shim,2
grub,3
grub.debian,4
And now I can boot the Ubuntu install media with secure boot enabled! So the installed Ubuntu seems to have set/overridden the SBAT NVRAM entry.