The article specifically says this is self-signed so won’t work with Secure Boot enabled.
This is technically a bootloader, so it has to find a way to get loaded by the UEFI. The article doesn’t say it’s able to do that; the guy has to manually trust the signing certificate or disable Secure Boot.
I assumed they had jammed a new DXE into the UEFI capsule, which would probably be able to subvert secure boot.