Hi
we are testing 'PKCS11' using LSDK 20.04
following 6.5.3.3.2 PKCS#11 based OpenSSL Engine (Third party OpenSC/libp11)
we want success 'openssl engine pkcs11 -t' command
(pkcs11) pkcs11 engine
[ available ]
but we are return errors.,..
'pkcs11.so' files not found error so,
I guess cause openssl engine is not generate 'pkcs11.so' files
and our /etc/ssl/openssl.cnf
thank you
Solved! Go to Solution.
You could add libengine-pkcs11-openssl to additional_main_packages_list in configs/ubuntu/additional_packages_list.
Then execute the following command.
$ flex-builder -i clean-rfs -r ubuntu:main
$ flex-builder -i mkrfs -r ubuntu:main
$ flex-builder -i packrfs -r ubuntu:main
Please edit /etc/ssl/openssl.cnf as the following.
[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/aarch64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/local/lib/libpkcs11.so
init = 0
pkcs11 engine for OpenSSL can be installed on board using command sudo apt-get install libengine-pkcs11-openssl
Above command will install the libpkcs11.so (pkcs11 engine) in /usr/lib/aarch64-linux-gnu/engines-1.1/libpkcs11.so and this
will be dynamic_path in OpenSSL configuration file.
thank you for your reply
I find libpkcs11.so file
but I make another errors
and my /etc/ssl/openssl.cnf
(chantge dynamic path, module path)
+) add
How do I make image, including libpkcs11.so libaray?
I've already changed the libpkcs11=y option in the build_lsdk.cfg file.
Please enable the following options in configs/build_lsdk.cfg.
CONFIG_APP_OPTEE=y
CONFIG_APP_LIBPKCS11=y
CONFIG_APP_SECURE_OBJ=y
Then execute the following commands.
$ flex-builder -c libpkcs11 -a arm64
$ flex-builder -i merge-component -a arm64
$ flex-builder -i packrfs -a arm64
I used this option to build the image.
$ flex-builder -c libpkcs11 -a arm64
$ flex-builder -i merge-component -a arm64
$ flex-builder -i packrfs -a arm64
but I should installed 'sudo apt-get install libengine-pkcs11-openssl' when I used 'openssl engine' with pkcs11
how can I include libengine-pkcs11-openssl library into image??
You could add libengine-pkcs11-openssl to additional_main_packages_list in configs/ubuntu/additional_packages_list.
Then execute the following command.
$ flex-builder -i clean-rfs -r ubuntu:main
$ flex-builder -i mkrfs -r ubuntu:main
$ flex-builder -i packrfs -r ubuntu:main