1) The Import section of the driver's PE file originally was READ/WRITE/EXECUTE. HLK doesn't like that, for security reasons (to avoid malware attacks). So I've now changed that to READ/WRITE, only.
2) NonPagedPool allocations in the driver are by default read/write/executable, which again is bad for security. My driver never allocated any NonPagedPool at all, so it wasn't really a problem. However, HLK was still not happy because my driver didn't have the "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" flag set in the PE header. So I've added this flag now.