Question on driver signing

I realize there are lots of threads on this topic but I think that i have a slightly different question and I am unable to find the answer.

I have a windows server 2016/2019 driver that I would like to make available to my customer.
In their environment secure boot may be off or on. We cannot control that.

My driver is not a boot driver.

The customer does not require WHQL testing and I do not plan to do WHQL in the immediate future.

Seems like submission to the dev portal is required if I plan to run on my computers where I do not know the status of secure boot but the dev portal seems to require HLK/WHQL results.

Is it good enough if my customer gets a EV certificate?. My customer wants to know what he needs to buy. I guess I am just trying to find out what my customer needs to get.

Is it good enough to sign both the driver package and the driver itself with the EV certificate?.

If you want the driver to boot with Secure Boot enabled you’ll need a driver signed by Microsoft through the portal. You can either go through the HLK/WHQL process or attestation sign through the portal. Sounds like you’ll probably be going the attestation route.

The portal does not require WHQL results for attestation signing. You do need an EV certificate in order to create a portal account. The driver package does not need to be signed, although most people do so.