Search Linux Wireless

Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 2023/12/20 19:16, Paul Fertser wrote:
> Hey Hector,
> 
> On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote:
>> Using the WSEC command instead of sae_password seems to be the supported
>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>
>> According to user reports [1], the sae_password codepath doesn't actually
>> work on machines with Cypress chips anyway, so no harm in removing it.
> 
> I'm sorry to disappoint you but I've just tested this patch on a
> "Pinebook Pro" which has AP6255 module and it broke WPA3 Personal.
> 
> No error messages are emitted to the kernel log, just iwctl saying it
> can't establish connection.
> 
> This is using "Cypress" firmware from the Linux firmware tree [0]
> renamed to "brcmfmac43455-sdio.bin" which has the following features
> (extracted from last two lines):
> 
> 43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2
> DVID 01-1fda2915
> 
> 
> This module is used on many SBCs, including some RaspberryPi
> boards. The reason RaspberryPi owners complain about lack of WPA3
> Personal support is that most of them are using obscure downstream
> distros which ship brcmfmac firmware from somewhere else rather than
> the Linux firmware tree, so they lack the "sae" feature. Another is
> that it only works with iwd while default is wpa_supplicant.
> 
> So far all known reports of those who tried the right firmware on
> RaspberryPi boards confirm WPA3 Personal was working with iwd [1].
> 
> 
> I'll be happy to do more testing if needed. Thank you very much for
> your hard and insightful work!

Thank you for being the first person to actually test any of this :)

Now we actually have a reason to keep the code. The next thing I wonder
is whether any of the *other* Cypress chips will respond to WSEC (in
addition to or instead of sae_password)...

Are you willing to test all the other wifi stuff we have queued up
downstream? There's a whole pile of changes here:

https://github.com/AsahiLinux/linux/commits/bits/080-wifi/

If things break it would be very helpful if you could bisect it down to
the specific commit. This patch is also in there of course, feel free to
revert/rebase it out.

- Hector




[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux