I build and test a linux kernel source(rolling-stable) for fun, these days, I would like to sign a kernel module with self-created key, then I got the engine pkcs#11 on openssl is used to sign it.However there is a problem that openssl fails to request a key/certification. So I confirm with pkcs11-tool, but it results "No slots."Is this mean I should have slot involved in Smart card?Else, how do I sign kmodules??
Following is openssl.cnf digested
# referenced from the [provider_sect] below.# Refer to the OpenSSL security policy for more information.# .include fipsmodule.cnf[openssl_init]providers = provider_sectssl_conf = ssl_sectengines = engine_section[engine_section]pkcs11 = pkcs11_section[pkcs11_section]engine_id = pkcs11dynamic_path = /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.soMODULE_PATH = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.soinit = 0# List of providers to load[provider_sect]And I tried googling for a day, but I found only about enterprise, cloud....; not useful.