could not initialize BCCSP Factories: Could not find default `PKCS11` BCCSP


I am running Hyperledger Fabric v2.2.3 from the GitHub release, on Oracle Linux 8.4:
https://github.com/hyperledger/fabric/releases/download/v2.3.3/hyperledger-fabric-linux-amd64-2.3.3.tar.gz

I am running the orderer and peer without Docker,
and I am running PKCS11 using SoftHSM 2.5.0 without Fabric CA.
I have also followed the guide in the official documentation to set up PKCS11:
https://hyperledger-fabric.readthedocs.io/en/release-2.2/hsm.html
I have also read this Stack Overflow post, which states that the SW section needs to be removed:
"peer node start throwing Could not find default pkcs11 BCCSP error"

I successfully generated the token and the certs for both the orderer and the peer.
My orderer started everything successfully, but not my peer.

Question: is the pre-built peer binary in the GitHub release for v2.2.3 not built with PKCS11 enabled?
Do I need to build the peer myself to enable PKCS11 support?

2021-09-15 10:05:50.583 +08 [bccsp] GetDefault -> DEBU 001 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.585 +08 [bccsp] GetDefault -> DEBU 002 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.594 +08 [bccsp] GetDefault -> DEBU 003 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.595 +08 [main] InitCmd -> ERRO 004 Cannot run peer because error when setting up MSP of type bccsp from directory /appl/blockchain/peerOrganizations/org1/users/Admin@org1/msp: could not initialize BCCSP Factories: Could not find default `PKCS11` BCCSP

My peer core.yaml:

    BCCSP:
        Default: PKCS11

        PKCS11:
            Library: /appl/softhsm/lib/softhsm/libsofthsm2.so
            Label: fabric
            Pin: 123456
            Hash: SHA2
            Security: 256
            Immutable: false

My directory structures and files at the peer.
You may ignore the tls, as I am not using any tls at this moment.

[user@hyperledgerfabric org1]# tree users
users
└── Admin@org1
    ├── msp
    │   ├── admincerts
    │   ├── cacerts
    │   │   └── ca.org1-cert.pem -> ../../../../ca/ca.org1-cert.pem
    │   ├── config.yaml
    │   ├── keystore
    │   ├── signcerts
    │   │   └── [email protected]
    │   └── tlscacerts
    │       └── tlsca.org1-cert.pem -> ../../../../tlsca/tlsca.org1-cert.pem
    └── tls
        ├── ca.crt -> ../../../tlsca/tlsca.org1-cert.pem
        ├── client.crt
        └── client.csr

Update after compiling the peer with PKCS11 enabled:

Now it gives an error that it is not able to find KeyMaterial:

2021-09-17 10:50:44.513 +08 [bccsp_p11] getECKey -> DEBU 019 Private key not found [Key not found [00000000  9e c0 9a a7 5c df 5b 13  25 61 15 a4 d2 8c f3 ba  |....\.[.%a......|
00000010  90 c4 15 10 b5 e0 a6 48  de fd 23 96 14 29 b1 83  |.......H..#..)..|
]] for SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183], looking for Public key
2021-09-17 10:50:44.515 +08 [bccsp_p11] GetKey -> DEBU 01a Key not found using PKCS11: Public key not found [Key not found [00000000  9e c0 9a a7 5c df 5b 13  25 61 15 a4 d2 8c f3 ba  |....\.[.%a......|
00000010  90 c4 15 10 b5 e0 a6 48  de fd 23 96 14 29 b1 83  |.......H..#..)..|
]] for SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183]
2021-09-17 10:50:44.515 +08 [msp] getSigningIdentityFromConf -> DEBU 01b Could not find SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183], trying KeyMaterial field: Key not found. This is a dummy KeyStore
Failed getting key for SKI [[158 192 154 167 92 223 91 19 37 97 21 164 210 140 243 186 144 196 21 16 181 224 166 72 222 253 35 150 20 41 177 131]]
github.com/hyperledger/fabric/bccsp/sw.(*CSP).GetKey
        /appl/src/fabric-2.2.3/bccsp/sw/impl.go:170
github.com/hyperledger/fabric/bccsp/pkcs11.(*impl).GetKey
        /appl/src/fabric-2.2.3/bccsp/pkcs11/pkcs11.go:257
github.com/hyperledger/fabric/msp.(*bccspmsp).getSigningIdentityFromConf
        /appl/src/fabric-2.2.3/msp/mspimpl.go:220
github.com/hyperledger/fabric/msp.(*bccspmsp).setupSigningIdentity
        /appl/src/fabric-2.2.3/msp/mspimplsetup.go:401
github.com/hyperledger/fabric/msp.(*bccspmsp).preSetupV142
        /appl/src/fabric-2.2.3/msp/mspimplsetup.go:586
github.com/hyperledger/fabric/msp.(*bccspmsp).setupV142
        /appl/src/fabric-2.2.3/msp/mspimplsetup.go:647
github.com/hyperledger/fabric/msp.(*bccspmsp).Setup
        /appl/src/fabric-2.2.3/msp/mspimpl.go:267
github.com/hyperledger/fabric/msp/cache.(*cachedMSP).Setup
        /appl/src/fabric-2.2.3/msp/cache/cache.go:88
github.com/hyperledger/fabric/msp/mgmt.LoadLocalMspWithType
        /appl/src/fabric-2.2.3/msp/mgmt/mgmt.go:33
github.com/hyperledger/fabric/internal/peer/common.InitCrypto
        /appl/src/fabric-2.2.3/internal/peer/common/common.go:144
github.com/hyperledger/fabric/internal/peer/common.InitCmd
        /appl/src/fabric-2.2.3/internal/peer/common/common.go:324
github.com/hyperledger/fabric/internal/peer/channel.glob..func1
        /appl/src/fabric-2.2.3/internal/peer/channel/channel.go:102
github.com/spf13/cobra.(*Command).execute
        /appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:746
github.com/spf13/cobra.(*Command).ExecuteC
        /appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:852
github.com/spf13/cobra.(*Command).Execute
        /appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:800
main.main
        /appl/src/fabric-2.2.3/cmd/peer/main.go:54
runtime.main
        /appl/go/src/runtime/proc.go:255
runtime.goexit
        /appl/go/src/runtime/asm_amd64.s:1581
2021-09-17 10:50:44.515 +08 [main] InitCmd -> ERRO 01c Cannot run peer because error when setting up MSP of type bccsp from directory /appl/blockchain/peerOrganizations/org1/users/Admin@org1/msp: KeyMaterial not found in SigningIdentityInfo

Here are the token and objects in SoftHSM:

[user@hyperledgerfabric ~]# pkcs11-tool --module /appl/softhsm/lib/softhsm/libsofthsm2.so --token-label "fabric" --list-objects
Certificate Object; type = X.509 cert
  label:      tlspeer.org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=peer.org1
  ID:         746c73706565722e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      orderer.ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, OU=orderer, CN=orderer.ordererOrg
  ID:         6f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104f8cab0e26330c5cde55afb3ffbffe0fee8a96cca7fcb08d7360e736b21552a337f0f29b1f68d708b296dcdc75922a9e709ffad6a3f3863f6ae039a71fac49d06
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlspeer.org1
  ID:         746c73706565722e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104ae4ae570e763654d9fa9f3bec3ffddde7402044153c32f3490e8f8d5a4c90be884385237fa9659914730ff38751bb3b9c8b046f7e9e6dc52b134ae247ff40ed0
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlsorderer.ordererOrg
  ID:         746c736f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   04410458679db1f667a4bcf3c0b13f62e80fe9a9d4982881b7772f192e9cabc20158e33299856d995a0fbbd7523fa69e9fe3e5543c8ea5e0dc327348ece7625cb96860
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlsca.org1
  ID:         746c7363612e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   0441047bfd15d2a4e46e74a77d4000c48235f2a9781842b3716b3c5cf26a0519766e75e49c0aac9c5939e0d54f8070acb2a82f232a5627abc4e9d2e00fc9adc1f6c66d
  EC_PARAMS:  06082a8648ce3d030107
  label:      peer.org1
  ID:         706565722e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Certificate Object; type = X.509 cert
  label:      tlsAdmin@org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=Admin@org1
  ID:         746c7341646d696e4066696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      ca.org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, CN=ca.org1
  ID:         63612e66696e6578757367726f75702e636f6d0a
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104de510ebd9f4de1dede7fb602ce17404222565b1214af54807d13b5fca21027e8f004efe5f924cfa5ada25db85757bbd887a5071ade0a0e13247ce5075ef36562
  EC_PARAMS:  06082a8648ce3d030107
  label:      ca.org1
  ID:         63612e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Certificate Object; type = X.509 cert
  label:      Admin@ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, OU=admin, CN=Admin@ordererOrg
  ID:         41646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      tlsca.ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, CN=tlsca.ordererOrg
  ID:         746c7363612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      tlsca.org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, CN=tlsca.org1
  ID:         746c7363612e66696e6578757367726f75702e636f6d0a
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   0441040c778079386f8febd1b72bd4c04b387117ae83109cfbccb85c3a6d9f36fe195567c657bf14ea49fb6991bacd505469c07818e2ab34befee3a0d2f44f0ed4bfee
  EC_PARAMS:  06082a8648ce3d030107
  label:      Admin@ordererOrg
  ID:         41646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Certificate Object; type = X.509 cert
  label:      tlsorderer.ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=orderer.ordererOrg
  ID:         746c736f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      peer.org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, OU=peer, CN=peer.org1
  ID:         706565722e66696e6578757367726f75702e636f6d0a
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104372fd1ef78bd6ed5ee952c177fc1990cf20c6aebc72106f54bd9a6423192aa1ed5698447618b5ea2b0569508c8dce3587e94268e570734396bcda60650a6d17a
  EC_PARAMS:  06082a8648ce3d030107
  label:      orderer.ordererOrg
  ID:         6f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   04410445fe15a00a608ccae5db578277fb2d31d14193161a317e2a9145be9a0dcfdadff534b2ee86fe0872ba1ef9a5868b7c23439544a7c0880485442053217e5a9239
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlsca.ordererOrg
  ID:         746c7363612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   0441045ff498d46abb2dc1bb915a97d29b0713b3e448e2bc3253e83e972f7812c5d4a556a04dafb175630e45d97481e71476eef74a8439c5afe8b0a2d0c85bdc2ef282
  EC_PARAMS:  06082a8648ce3d030107
  label:      Admin@org1
  ID:         41646d696e4066696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   04410487a8c34237457651cb0b87c6559d7d4fc6e055cf17fec1b2a42f6f22bbc0b4ea3d02b1336bc5d4cc8267dd01ce081a8ebd6d18ba8e41c2e241bda2bfdbdcb980
  EC_PARAMS:  06082a8648ce3d030107
  label:      ca.ordererOrg
  ID:         63612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Certificate Object; type = X.509 cert
  label:      tlsAdmin@ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=Admin@ordererOrg
  ID:         746c7341646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   0441040c7c76519783ed1015354fa8e6130c340bcb89f10238da9f80d002bdc53851a30af2a2114697ba9832ec813506764399b370b1ccf664551b8730b083d198e933
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlsAdmin@org1
  ID:         746c7341646d696e4066696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104f0e26cf7dcee25b140769ed1ffd5e2b26608524656ea844d183e655c3be614da1b24b6503b36b3de72ceda78bb7535560eb40090016c810b92cf42a39ef9c587
  EC_PARAMS:  06082a8648ce3d030107
  label:      tlsAdmin@ordererOrg
  ID:         746c7341646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
  Usage:      encrypt, verify, wrap, derive
  Access:     local
Certificate Object; type = X.509 cert
  label:      Admin@org1
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, OU=admin, CN=Admin@org1
  ID:         41646d696e4066696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
  label:      ca.ordererOrg
  subject:    DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, CN=ca.ordererOrg
  ID:         63612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Best answer:

You are correct, the pre-built binaries of Fabric do not have pkcs11 enabled. You need to build the peer and orderer binaries from source, specifying the tag pkcs11, to create versions that support PKCS11.
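
Added example, not part of the original question or answer: the "Key not found ... for SKI" debug lines in the question's update come from a lookup by SKI, so this Go program computes the SKI for each EC public key in a `pkcs11-tool --list-objects` listing and compares it with the object's ID. It assumes Fabric's usual ECDSA SKI derivation (SHA-256 over the uncompressed point) and that the token is searched by CKA_ID; `sample`, `objRE`, `skiFromECPoint` and `parseListing` are names made up here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// objRE matches one EC public key object as printed by `pkcs11-tool --list-objects`.
var objRE = regexp.MustCompile(`Public Key Object; EC[^\n]*\n\s*EC_POINT:\s*(\S+)\n\s*EC_PARAMS:[^\n]*\n\s*label:\s*([^\n]*)\n\s*ID:\s*(\S+)`)

// Constructed sample (dummy point, not a real key); its ID is a name, as in the listing above.
var sample = "Public Key Object; EC  EC_POINT 256 bits\n  EC_POINT:   044104" +
	strings.Repeat("11", 32) + strings.Repeat("22", 32) +
	"\n  EC_PARAMS:  06082a8648ce3d030107\n  label:      by-name\n  ID:         62792d6e616d650a\n"

type keyObject struct{ Label, ID, SKI string }

// skiFromECPoint returns hex(SHA-256(0x04 || X || Y)), the assumed Fabric SKI of a P-256 key.
func skiFromECPoint(ecPointHex string) (string, error) {
	raw, err := hex.DecodeString(ecPointHex)
	// The listing prints the point DER-wrapped: 0x04 (OCTET STRING), 0x41 (length 65), point.
	if err != nil || len(raw) != 67 || raw[0] != 0x04 || raw[1] != 0x41 || raw[2] != 0x04 {
		return "", fmt.Errorf("not a DER-wrapped uncompressed P-256 point: %q (%v)", ecPointHex, err)
	}
	sum := sha256.Sum256(raw[2:])
	return hex.EncodeToString(sum[:]), nil
}

// parseListing pairs each EC public key's CKA_ID with the SKI computed from its point.
func parseListing(listing string) ([]keyObject, error) {
	var out []keyObject
	for _, m := range objRE.FindAllStringSubmatch(listing, -1) {
		ski, err := skiFromECPoint(m[1])
		if err != nil {
			return nil, err
		}
		out = append(out, keyObject{Label: strings.TrimSpace(m[2]), ID: m[3], SKI: ski})
	}
	return out, nil
}

func main() {
	objs, err := parseListing(sample)
	fmt.Printf("%+v err=%v\n", objs, err) // ID != SKI here: a lookup by SKI would miss this object
}
```

Feeding it the real listing shows which object, if any, carries the SKI that appears in the peer's debug log.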