Glad you worked it out.
Supposedly Ubuntu should totally work with Windows and secure boot. It is using the same Microsoft UEFI key. But some vendors modify UEFI to only boot Windows by filename.
We normally suggest secure boot off, but Windows may only boot with it on. Then Boot-Repair usually has to do some file renaming.
There also is a bug report on the locked efi partition. We are not sure how this is occurring, but it just may be corruption in the image used. Your fix of backing up, deleting, recreating & restoring is the main work around in the bug report.
The entire UEFI dual boot is not very easy and requires each user to do a lot to make it work. And each vendor does it just enough different that there is not just one procedure. Only a couple of vendors (or maybe even models within a vendor) have seemed to work reasonably well.