Is it possible to use a trusted platform module (TPM) to sign installers? I'm afraid I don't quite understand how TPMs work, but I guess you need to set a particular cryptographic service provider (CSP) rather than using the Windows certificate store. For instance, the signtool command has a /csp parameter. Can this be set for Basic MSI project signing?