Hi Stanislaw, On Sun, May 24, 2020 at 9:27 PM Stanislaw Gruszka <stf_xl@xxxxx> wrote: > > On Sun, May 24, 2020 at 10:47:31AM +0100, Rui Salvaterra wrote: > > According to Larry [1] (and successfully verified on b43) mac80211 > > transparently falls back to software for unsupported hardware cyphers. Thus, > > there's no reason for not unconditionally enabling MFP. This gives us WPA3 > > support out of the box, without having to manually disable hardware crypto. > > > > Tested on an RT2790-based Wi-Fi card. > > > > [1] https://lore.kernel.org/linux-wireless/8252e6a1-b83c-64eb-2503-2686374216ae@xxxxxxxxxxxx/ > > AFICT more work need to be done to support MFP by HW encryption properly > on rt2x00. See this message and whole thread: > https://lore.kernel.org/linux-wireless/977a3cf4-3ec5-4aaa-b3d4-eea2e8593652@xxxxxxxx/ Am I reading this right: rt2x00 offloads some of the processing to the card which interferes with MFP when using software encryption, so therefore we need to disable that offload when using software encryption with MFP. So if mac80211 knows that this offload is happening and that we can't use hardware crypto for MFP, could it be smart enough to disable the offload itself? And once mac80211 is smart enough to make those decisions, couldn't we just enable MFP by default? Thanks, -- Julian Calaby Email: julian.calaby@xxxxxxxxx Profile: http://www.google.com/profiles/julian.calaby/
