I did run an older version of binwalk on the firmware image, but it was unable to unpack anything and only printed false positives. I have now tried the newest version and it's able to unpack everything and display a lot of information. The PE modules in UEFI seems to be signed as these signatures are found many times:
Certificate in DER format (x509 v3)
SHA256 hash constants, little endian
Very interesting to dig around in the firmware, I even found the boot splash image. Definitely a time sink, but fun.