On Sat, 2019-08-17 at 10:31 +0200, Alexander Wetzel wrote:
> > All iwlwifi cards are able to handle multiple keyids per STA and are
> > therefore fully compatible with the Extended Key ID implementation
> > provided by mac80211.
>
> I just tried Extended Key ID with an AX200 card and it really looks like
> it's incompatible :-(

Hmm.

> The card is starting to use the PTK key immediately after installation,
> encrypting EAPOL #3 with the new (still Rx only!) key.

Right. This wasn't considered, I guess.

> Digging around in the driver code it looks like we do not even pass the
> key information any longer to the card: iwl_mvm_set_tx_params() is
> bypassing iwl_mvm_set_tx_cmd_crypto() completely when we use the "new tx
> API". So all cards setting "use_tfh" to true are now incompatible.
>
> Therefore it looks like all cards starting with the 22000 series
> can't be used with Extended Key ID any longer.
>
> Is there a way to hand over the key information within the new API or is
> the way forward to block Extended Key ID when the "new tx API" is being
> used?

Not right now, but I think it could be fixed.

> The card is fine with using keyid 1 for unicast keys. But it looks like
> it assumes that a new key install also tells it to use the new key
> immediately... Still digging around but pretty sure that's happening now.

Right.

For now I guess we have to disable it with the new TX API (which is
really what it depends on), we can try to fix the firmware later.

johannes
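The behaviour discussed in this thread, as an added example that is not part of the original message and not iwlwifi or mac80211 code: a small C model of an Extended Key ID rekey from key ID 0 to key ID 1, comparing a device that honours the host's Tx key selection with one that encrypts with whichever key was installed last. All names (`sta_keys`, `install_key`, `set_tx_key`, `rekey_tx_keyid`, `fw_ignores_tx_state`) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model for illustration; not iwlwifi or mac80211 code. */
struct sta_keys {
    bool installed[2];   /* unicast key IDs 0 and 1 */
    int  tx_keyid;       /* key ID the host has enabled for Tx */
    int  last_installed; /* most recent install, Rx-only or not */
};

/* Install a pairwise key. During an Extended Key ID rekey the new key
 * is installed for Rx only; Tx stays on the old key until set_tx_key(). */
static void install_key(struct sta_keys *s, int keyid, bool rx_only)
{
    s->installed[keyid] = true;
    s->last_installed = keyid;
    if (!rx_only)
        s->tx_keyid = keyid;
}

/* Host switches Tx to the new key once the handshake has completed. */
static void set_tx_key(struct sta_keys *s, int keyid)
{
    if (s->installed[keyid])
        s->tx_keyid = keyid;
}

/* Key ID protecting the next frame. fw_ignores_tx_state models the
 * behaviour reported in the thread: the newest key is used at once. */
static int tx_keyid_for_frame(const struct sta_keys *s, bool fw_ignores_tx_state)
{
    return fw_ignores_tx_state ? s->last_installed : s->tx_keyid;
}

/* Rekey 0 -> 1; returns the key ID used for the next transmitted frame. */
static int rekey_tx_keyid(bool fw_ignores_tx_state, bool handshake_done)
{
    struct sta_keys s = { { false, false }, -1, -1 };
    install_key(&s, 0, false);  /* initial PTK, Rx and Tx */
    install_key(&s, 1, true);   /* new PTK, Rx only */
    if (handshake_done)
        set_tx_key(&s, 1);
    return tx_keyid_for_frame(&s, fw_ignores_tx_state);
}

int main(void)
{
    printf("EAPOL #3 key ID, Tx state honoured: %d\n", rekey_tx_keyid(false, false));
    printf("EAPOL #3 key ID, newest key used:   %d\n", rekey_tx_keyid(true, false));
    return 0;
}
```

The two models differ only while the new key is still Rx-only, which is the window in which EAPOL #3 is sent.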