I am not familiar with Talos, but I am wondering it’s got some custom linux kernel module(s) associated with it?
Secureboot requires signed kernel modules, so when you build a different application from code (e.g. zfs) it wont work out of the box unless it gets signed by a secureboot key. Linux (at least Debian) gives us a machine key for doing that (via the command mokutil). It conveniently provides a means of signing your own kernels so that they work with secureboot but it is a bit of an odd procedure to go through.
So, if this is the root of your problem you can try to get your systems key added to the chain of trust. See the instructions here, which further explains this and shows how I sign a zfs module built from source on a Debian server. You have to register your systems key into the chain of trust. I warn you, it’s “quirky”:
Of course, I am only guessing that this might be your problem so apologies if this just sends you down a different rabbit hole.
GL.
Andrew