Starting June 1, 2023, code signing certificate keys must be stored on a hardware security module or token that’s certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This is intended to fight against an increasingly common problem—stolen code signing keys being used to sign and distribute malware. To meet these new ...