All iwlwifi cards are able to handle multiple keyids per STA and are therefore fully compatible with the Extended Key ID implementation provided by mac80211.
I just tried Extended Key ID with a AX200 card and it really looks like it's incompatible:-(
The card is starting to use the PTK key immediately after installation, encrypting EAPOL #3 with the new (still Rx only!) key.
Digging around in the driver code it looks like we do not even pass the key information any longer to the card: iwl_mvm_set_tx_params() is bypassing iwl_mvm_set_tx_cmd_crypto() completely when we use the "new tx API". So all cards setting "use_tfh" to true are now incompatible.
Therefore it looks like that all cards starting with the 22000 series can't be used with Extended Key ID any longer.
Is there a way to hand over the key information within the new API or is the way forward to block Extended Key ID when the "new tx API" is being used?
The card is fine with using keyid 1 for unicast keys. But it looks like it assumes that a new key install also tells it to use the new key immediately... Still digging around but pretty sure that's happening now.
Alexander