No, it's the other way around. It originally was as the article described, and once Microsoft probably got scared about antitrust (or thought about how the heck they'd buy hardware for Azure and not be able to load their own secure boot keys), they changed the procedure. As of 2015-ish, the information I linked applies (for x86).