I found this can be "fixed" with the following reg key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing] "Policy"=hex:00
Will it work applying this from cmdlines.txt, at that early stage? And does DriverSigningPolicy=Ignore in winnt.sif not work, or is this only for OemPnPDriversPath?
Im also installing some drivers from WPI, so Driver Signing should be off at least at WPI stage, and maybe turned back on at cleanup after WPI?