diff --git a/p11mod/README.md b/p11mod/README.md
index 135f96b..cd14241 100644
--- a/p11mod/README.md
+++ b/p11mod/README.md
@@ -13,3 +13,7 @@ Prerequisites:
 ## Example usage
 
 See the `p11proxy` sibling directory for an example of how to use p11mod.
+
+## Tracing
+
+Set the environment variable `P11MOD_TRACE=1` to enable debug tracing.  The trace will be outputted to the log file.
diff --git a/p11mod/p11mod.go b/p11mod/p11mod.go
index 90bf0af..93dc9ab 100644
--- a/p11mod/p11mod.go
+++ b/p11mod/p11mod.go
@@ -4,6 +4,7 @@ package p11mod
 
 import (
 	"log"
+	"os"
 	"sync"
 
 	"github.com/miekg/pkcs11"
@@ -11,6 +12,8 @@ import (
 	"github.com/namecoin/pkcs11mod"
 )
 
+var trace bool
+
 var highBackend Backend
 var highBackendError error
 
@@ -26,6 +29,10 @@ func init() {
 	}
 
 	pkcs11mod.SetBackend(b)
+
+	if os.Getenv("P11MOD_TRACE") == "1" {
+		trace = true
+	}
 }
 
 type llSession struct {
@@ -391,11 +398,19 @@ func (ll *llBackend) SetAttributeValue(sh pkcs11.SessionHandle, o pkcs11.ObjectH
 func (ll *llBackend) FindObjectsInit(sh pkcs11.SessionHandle, template []*pkcs11.Attribute) error {
 	session, err := ll.getSessionByHandle(sh)
 	if err != nil {
+		if trace {
+			log.Printf("p11mod FindObjectsInit: %v", err)
+		}
+
 		return err
 	}
 
 	objects, err := session.session.FindObjects(template)
 	if err != nil {
+		if trace {
+			log.Printf("p11mod FindObjectsInit: %v", err)
+		}
+
 		if err == pkcs11.Error(pkcs11.CKR_OPERATION_NOT_INITIALIZED) {
 			// session.FindObjects() can relay CKR_OPERATION_NOT_INITIALIZED from
 			// FindObjects or FindObjectsFinal, but PKCS#11 spec says
@@ -409,6 +424,10 @@ func (ll *llBackend) FindObjectsInit(sh pkcs11.SessionHandle, template []*pkcs11
 		}
 	}
 
+	if trace {
+		log.Printf("p11mod FindObjectsInit: %d objects returned", len(objects))
+	}
+
 	session.objects = append(session.objects, objects...)
 	session.objectsPending = objects