Easy, you can see whats "inside" the secure fingerprints, you can see there is an unknown trusted key in there in the user custom key example, while for Windows 11/driver updates all the keys would be known ones from Microsoft.