Windows 11 on ARM64 Driver Signing Requirement

Reference discussion:
https://github.com/pbatard/libwdi/issues/289#issuecomment-1878861404

From Pete Batard, the author of libwdi.
++++++++++++
For the record, my current guess is that whereas the (current) official documentation states:

If a driver package is signed by a Windows signing authority or a trusted publisher, Windows stages and installs the driver package without prompting the user.

thereby indicating that a driver package where the signing certificate is present in Trusted Publishers should lead to driver installation, Microsoft might have introduced features of Windows S mode to Windows on ARM64, and especially:

Driver packages must be digitally signed with a Windows, WHQL, ELAM, or Store certificate (…)

thereby excluding self-signed credentials where the certificate part gets installed in Trusted Publishers.

However, as opposed to S Mode vs regular mode driver package installation differences, I have not been able to find any documentation related to x64 vs ARM64 driver package installation differences…

Reference: old discussion for Windows 11 x64
Some Windows 11 x64 insider build has the same issue, but no problem with official release build version of Windows 11 on x64.
https://community.osr.com/discussion/comment/302735

@Xiaofan_Chen said:
Reference: old discussion for Windows 11 x64
Some Windows 11 x64 insider build has the same issue, but no problem with official release build version of Windows 11 on x64.
https://community.osr.com/discussion/comment/302735

Peter posted the following comments in the above discussion.

@“Peter_Viscarola_(OSR)” said:
Just a side note (I have no experience to add about Win 11 and self-signed certs).

It’s easy for a lot of us to ignore this method of signing as a bad work-around for avoiding getting a “real” signature. But there are a significant number of Enterprise-level ISVs and (particularly) IHVs who use this method of driver signing. So, if self-signed certs placed in the trusted publisher store no longer work, there are “a lot” of folks who are gonna be surprised come release time.

Peter

Hopefully someone here can shed some light on this issue.

Could this method (self signed cert) work on Secure Boot? It would be a big hole were it possible, and yet would’ve killed off any such use were it not.