On 2023/12/20 19:16, Paul Fertser wrote: > Hey Hector, > > On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote: >> Using the WSEC command instead of sae_password seems to be the supported >> mechanism on newer firmware, and also how the brcmdhd driver does it. >> >> According to user reports [1], the sae_password codepath doesn't actually >> work on machines with Cypress chips anyway, so no harm in removing it. > > I'm sorry to disappoint you but I've just tested this patch on a > "Pinebook Pro" which has AP6255 module and it broke WPA3 Personal. > > No error messages are emitted to the kernel log, just iwctl saying it > can't establish connection. > > This is using "Cypress" firmware from the Linux firmware tree [0] > renamed to "brcmfmac43455-sdio.bin" which has the following features > (extracted from last two lines): > > 43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2 > DVID 01-1fda2915 > > > This module is used on many SBCs, including some RaspberryPi > boards. The reason RaspberryPi owners complain about lack of WPA3 > Personal support is that most of them are using obscure downstream > distros which ship brcmfmac firmware from somewhere else rather than > the Linux firmware tree, so they lack the "sae" feature. Another is > that it only works with iwd while default is wpa_supplicant. > > So far all known reports of those who tried the right firmware on > RaspberryPi boards confirm WPA3 Personal was working with iwd [1]. > > > I'll be happy to do more testing if needed. Thank you very much for > your hard and insightful work! Thank you for being the first person to actually test any of this :) Now we actually have a reason to keep the code. The next thing I wonder is whether any of the *other* Cypress chips will respond to WSEC (in addition to or instead of sae_password)... Are you willing to test all the other wifi stuff we have queued up downstream? There's a whole pile of changes here: https://github.com/AsahiLinux/linux/commits/bits/080-wifi/ If things break it would be very helpful if you could bisect it down to the specific commit. This patch is also in there of course, feel free to revert/rebase it out. - Hector
