Yes, it can protect the /boot and /boot/efi from malicious modifications in some cases.
But if you’re using a USB disk with the same USB controller attached to sys-usb that you use to connect some untrusted USB devices, then it’s possible that some malicious USB device will compromise sys-usb and write malicious firmware to the USB controller. Restarting the disposable sys-usb won’t get rid of it, and this malware in the USB controller firmware may then modify the files on your boot USB disk that you connect to it.
Also, unlike Anti Evil Maid or TrenchBoot, it won’t protect against malicious EFI firmware.