On Mon, May 25, 2020 at 11:15:29AM +0200, Johannes Berg wrote:
> On Sun, 2020-05-24 at 14:39 +0200, Stanislaw Gruszka wrote:
> >
> > > And once mac80211 is smart enough to make those decisions, couldn't we
> > > just enable MFP by default?
>
> For the record, I don't think we'd really want to add such a thing to
> mac80211 ... easier done in the driver.
>
> > If we will have indicator from mac80211 that MFP is configured, we can
> > just return -EOPNOTSUPP from rt2x00mac_set_key() for CCMP and that will
> > make MFP work without specifying nohwcrypt module parameter - software
> > encryption will be used anyway.
>
> Not sure mac80211 really knows?

Hmm. After looking at this a bit more, it seems we have an indicator of MFP
being used in the ieee80211_sta structure. So maybe adding a check like the
one below will allow us to remove the nohwcrypt rt2x00 requirement for MFP?

diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c index 32efbc8e9f92..241e42bb0fd2 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c @@ -468,7 +468,7 @@ int rt2x00mac_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) return 0; - if (!rt2x00_has_cap_hw_crypto(rt2x00dev)) + if (!rt2x00_has_cap_hw_crypto(rt2x00dev) || sta->mfp) return -EOPNOTSUPP; /*

Stanislaw
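
Review bot: `sta->mfp` in the new condition is dereferenced without a NULL check, and mac80211 calls set_key with a NULL sta for group keys, so installing a group key would hit a NULL pointer dereference here. Suggest `|| (sta && sta->mfp)` instead. As written the check also returns -EOPNOTSUPP for every cipher on an MFP station, while the discussion above only mentions CCMP; if that is intended, a one-line comment saying that MFP stations fall back to software crypto would make the reason for the early return clear. With the NULL guard, group keys would still be programmed into hardware on an MFP association, so it is worth confirming that this is acceptable before dropping the nohwcrypt requirement.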