Yes, because the CPU boots after the T2, and the T2 emulates the SPI ROM to the PCH. There is no actual BIOS Flash chip, only T2 Flash.
Normally the CPU talks to the PCH and the PCH via SPI to a Flash ROM. The CPU has a BOOTROM which can cryptographically verify code blocks, the PCH has a CPU that can do the same, and the firmware has signed code blocks. It starts out with the CPU reading an authenticated code block which contains further code to verify other blocks.
Problem is that you still read SPI Flash which can be modified out of band, so after the CPU ROM reads the ACB it continues reading code which can be altered and if the UEFI firmware is set to 'verify but don't stop running' mode, you can modify all you want and it will work. On the other hand, if it is configured that way but a bit flip happens you can't boot anymore and can repair either. Apple's solution was to get rid of that completely and just emulate that SPI Flash from the T2 chip. The T2 is a complete SoC running an OS and has a secure enclave. Because it doesn't have to support 1980's Intel architecture they had a lot more freedom in designing security from the start, something Intel can't do unless they can break with backwards compatibility.
Normally the CPU talks to the PCH and the PCH via SPI to a Flash ROM. The CPU has a BOOTROM which can cryptographically verify code blocks, the PCH has a CPU that can do the same, and the firmware has signed code blocks. It starts out with the CPU reading an authenticated code block which contains further code to verify other blocks.
Problem is that you still read SPI Flash which can be modified out of band, so after the CPU ROM reads the ACB it continues reading code which can be altered and if the UEFI firmware is set to 'verify but don't stop running' mode, you can modify all you want and it will work. On the other hand, if it is configured that way but a bit flip happens you can't boot anymore and can repair either. Apple's solution was to get rid of that completely and just emulate that SPI Flash from the T2 chip. The T2 is a complete SoC running an OS and has a secure enclave. Because it doesn't have to support 1980's Intel architecture they had a lot more freedom in designing security from the start, something Intel can't do unless they can break with backwards compatibility.