I'm pretty skeptical of this article's claim that you need a firmware update (UEFI/BIOS update) to address this. You should be able to just enroll the new certs/keys yourself through the UEFI interface. You could, presumably, instead create a (temporary) Windows install and run the steps here:
https://techcommunity.microsoft.com...g/updating-microsoft-secure-boot-keys/4055324
I admit I have not tried this myself, but I did do something similar back when I ran a more esoteric version of Linux. It didn't work out of the box with secure boot (the way Ubuntu, etc., do), but all I had to do is enroll the bootloader via the UEFI and I was good to go.
Edit: Ended up enrolling the new MS 2023 KEK just to try it out. Was pretty quick and easy; admittedly I don't really know how to test it, but it seemed to have work just fine. Used the cert listed in section 1.5 here
https://learn.microsoft.com/en-us/w...ation-and-management-guidance?view=windows-11