Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specifies that Trusted Launch is enabled, which restricts the set of processes that can be launched under a package's identity.
Element hierarchy
<trustedlaunch:TrustedLaunch>
Syntax
<trustedlaunch:TrustedLaunch>
<!-- a string value of either "true" or "false" -->
</trustedlaunch:TrustedLaunch>
Attributes and elements
Attributes
None.
Child elements
None
Parent elements
| Parent element | Description |
|---|---|
| Properties | Defines additional metadata about the package including attributes that describe how the package behaves. |
Remarks
For Trusted Launch to be enabled, you must set the contents TrustedLaunch to "true" and you must also include a uap10:PackageIntegrity element and its child uap10:content element, with the Enforcement attribute set to "on".
Only executables within the signed catalog file generated by SignTool are allowed to run under the package's identity. For packages with external ___location, the binaries in an external ___location aren't in the input to SignTool, so their hashes aren't in the catalog. But if you include a CodeIntegrityExternal.cat catalog in the MSIX, SignTool will merge those hashes into the generated CodeIntegrity.cat.
Example
The following example shows how to use the TrustedLaunch element with the PackageIntegrity element.
<Package
...
xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
xmlns:trustedlaunch="http://schemas.microsoft.com/appx/manifest/trustedlaunch/windows10"
...
>
<trustedlaunch:TrustedLaunch>true</trustedlaunch:TrustedLaunch>
<uap10:PackageIntegrity>
<uap10:content Enforcement = "on" />
</uap10:PackageIntegrity>
Requirements
| Item | Value |
|---|---|
| Namespace | http://schemas.microsoft.com/appx/manifest/trustedlaunch/windows10 |
| Minimum OS Version | Windows 10 version 26100 |