In RDK DOCSIS platforms, when using a Sectigo Root Certificate (which is self-signed by nature), how is trust established on the device side?

Specifically, does RDK assume trust in a self-signed root certificate by default (e.g., via a compile-time define or relaxed TLS verification), or is the root CA expected to be explicitly present in the device trust store for the certificate to be considered valid?