For an example of missing critical functionality, see this comment: https://github.com/systemd/systemd/pull/29539#issuecomment-1760243611 Aside from that, trying to use the pkcs11 and tpm2 providers just ended up with unintelligible errors being vomited on the console. No, I did not keep a copy of those tests, and no, I am not going to try again, as I most definitely do not have the time nor the interest to become an openssl or pkcs11 expert. This stuff needs to "just work" by default, without spending days tinkering, and engines do that just fine, because they have been developed for years. Providers are just too new, and those that exist need a few more years as optional features for enthusiasts and experts to adopt and fix all the bugs, add all the needed features, and make sure they work out of the box. We are not there yet, and jumping the gun is not going to help anybody. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue