So, the private key for regular code-signing certificates will have to be saved on hardware tokens... Good thing I renewed the code signing cert a few months back and won't have to think about this in two years, it'll be hell-a annoying if this suddenly makes the code-signing process manual...
