A lot of my windows drivers have expired dates for the certificate, and some are not even signed, is this normal? [migrated]

I just gathered all the drivers in my system32/drivers folder and checked their certificate (my windows is updated and its a windows 10 x64)

But i found that so many of them have expired certificate! and some are not even signed! (pictures included)

so my questions are :

  1. Is this normal? if not, what should i do? and if not, then why are the expiration date expired?

  2. How are these drivers are able to get loaded when they have no certificate or its expired? my system is W10 x64 with secure boot enabled, i thought you can only load signed drivers with valid certificates?

  3. What is the role of these countersignatures put in simply? i tried reading MSDN and other websites but couldn’t understand whats the need of this?

here are some examples

WindowsTrustedRTProxy.sys (countersignature is also expired) :

enter image description here

winusb.sys (no certificate) :

enter image description here