So, based on our BSOD, we can conclude that non-HVCI WDAC driver blocking based on signer does work. But didn't I say earlier that it does not?
I'm glad you're paying attention. Yes, based on this test we can conclude that WDAC driver blocking based on signer does indeed work. But blocking based solely on signer never really happens in the real world, since it's important for Windows to be able to boot. So in the real world we have blocking by signer with FileAttrib qualifiers.
This is what's broken with non-HVCI attempts to block things based on signer. (Publisher and friends)
Without a FileAttrib qualifier, Windows will BSOD, thus proving that WDAC is effective in blocking drivers by signer. However, with a FileAttrib qualifier, Windows without HVCI won't bother blocking anything by signer.