I don't see how enabling secure boot helps here, since UEFI is responsible for enforcing that and is compromised. I'm sure some might recommend more roots of trust and signing down and verification that starts at the chipset, but I'd recommend an alternative with less attack surface and better user control: a jumper.
The article specifically says this is self-signed so won’t work with SecureBoot enabled.
This is technically a bootloader, so it has to find a way to get loaded by the UEFI. The article doesn’t say it’s able to do that; the guy has to manually trust the signing certificate or disable secureboot.
I assumed they had jammed a new DXE into the UEFI capsule, which would probably be able to subvert secure boot.