Support automatic Code Integrity Certificate Management
Securing Win10 systems properly with Device Guard will require enterprises to implement the generation and management of digitally signed catalog files for applications that are not delivered as signed (or in cases where they don't trust the vendor signing).
App-V could be an excellent place to help the enterprise do this. As part of sequencing, the sequencer knows what all of the binary components are, so it can generate the hashes and create the catalog file as part of the capture (what PackageInspector.exe does today). The sequencer VM could be pre-prepped with the code signing cert in the store. The sequencer (perhaps when a new "advanced" checkbox is selected, along with a place to enter the password required to use the private key?) then signs the catalog file and places it in the scripts folder. It then automatically adds an add script and a remove script to the internal AppXManifest file so that the catalog file is copied to, or removed from, the appropriate catroot/GUID folder on the client system.
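The workflow described above can be sketched with the built-in PowerShell catalog and Authenticode cmdlets. This is an added example, not App-V sequencer code or anything from the original request; the paths, certificate subject and function names are hypothetical, and the catroot GUID shown is the standard system catalog folder.

```powershell
# Added example. Paths, certificate subject and function names are hypothetical.
$PackageRoot = 'C:\Sequencing\MyApp\Root'             # captured application files
$Catalog     = 'C:\Sequencing\MyApp\Scripts\MyApp.cat' # catalog stored in the scripts folder
$CertSubject = 'CN=Example Code Integrity Signing'     # placeholder signing certificate
# System catalog folder that deployed catalog files are copied into.
$CatRoot = Join-Path $env:SystemRoot 'System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'

function New-SignedPackageCatalog {
    # 1. Hash every file under the package root into a SHA-256 (version 2) catalog.
    New-FileCatalog -Path $PackageRoot -CatalogFilePath $Catalog -CatalogVersion 2.0 | Out-Null

    # 2. Confirm the catalog matches the files on disk before signing it.
    $check = Test-FileCatalog -Path $PackageRoot -CatalogFilePath $Catalog -Detailed
    if ($check.Status -ne 'Valid') { throw "Catalog does not match $PackageRoot" }

    # 3. Pick an unexpired code signing certificate whose private key is available.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.Subject -eq $CertSubject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
        Select-Object -First 1
    if (-not $cert) { throw "No usable code signing certificate for $CertSubject" }

    # 4. Sign, and fail closed unless the signature chains to a trusted root.
    $sig = Set-AuthenticodeSignature -FilePath $Catalog -Certificate $cert -HashAlgorithm SHA256
    if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }
}

function Install-PackageCatalog {      # body of the package "add" script (run elevated)
    param([string]$Path)
    # Refuse to deploy a catalog whose signature does not validate on this client.
    if ((Get-AuthenticodeSignature -FilePath $Path).Status -ne 'Valid') {
        throw "Refusing to install unsigned or untrusted catalog $Path"
    }
    Copy-Item -LiteralPath $Path -Destination $CatRoot -Force
}

function Remove-PackageCatalog {       # body of the package "remove" script (run elevated)
    param([string]$Name)
    Remove-Item -LiteralPath (Join-Path $CatRoot $Name) -ErrorAction SilentlyContinue
}
```

The signature check on the client only passes if the signing certificate chains to a root the client trusts, and the code integrity policy must separately authorize that signer for the catalog to have any effect.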