On Thu, Jun 20, 2024 at 6:14 AM Arend Van Spriel
<arend.vanspriel@xxxxxxxxxxxx> wrote:
>
> On June 20, 2024 11:53:12 AM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:
>
> > On Thu, 20 Jun 2024 at 10:46, Julian Calaby <julian.calaby@xxxxxxxxx> wrote:
> >>
> >> Hi Peter,
> >>
> >> On Thu, Jun 20, 2024 at 7:19 PM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:
> >>>
> >>> Hi Arend,
> >>>
> >>>> After being asked about support for WPA3 for BCM43224 chipset it
> >>>> was found that all it takes is setting the MFP_CAPABLE flag and
> >>>> mac80211 will take care of all that is needed [1].
> >>>
> >>> Testing this on a Raspberry Pi 4 [1] against a UniFi U6Pro AP I can't
> >>> connect to my WPA3 only SSID, it works fine with the SSID that's
> >>> WPA2/WPA3 on the same AP. It doesn't connect and I get a whole lot of
> >>> the following errors while it tries:
> >>>
> >>> [ 155.988865] brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail,
> >>> reason -52
> >>> [ 156.100906] brcmfmac: brcmf_set_channel: set chanspec 0xd034 fail,
> >>> reason -52
> >>> [ 156.108597] brcmfmac: brcmf_set_channel: set chanspec 0xd038 fail,
> >>> reason -52
> >>> [ 156.116317] brcmfmac: brcmf_set_channel: set chanspec 0xd03c fail,
> >>> reason -52
> >>
> >> The Raspberry Pis' WiFi chipsets use the brcmfmac driver and this is a
> >> patch to the brcmsmac driver. This driver is for older and simpler
> >> WiFi chipsets than the ones on the Raspberry Pis.
> >
> > Right you are, completely missed that :)
>
> The devil is in the details ;-) Good that you tested. Maybe we can look
> into the WPA3-only problem. Are you using wpa_supplicant? Can you share
> supplicant log file and kernel log with brcmfmac debug modparam set to 0x1416.
>
> Regards,
> Arend
>
The RPis and the brcmfmac cards.
The current RPiOS for 32 bit and 64 bit OS have firmware which loads
on the 5Ghz capable Pis (3b+, 4, 5, 02W) which advertise WPA3
capability (this is a Pi5, but others are similar) This firmware is
from 2021:
# dmesg | grep brcmfmac
[ 2.112735] brcmfmac: F1 signature read @0x18000000=0x15264345
[ 2.114202] brcmfmac: brcmf_fw_alloc_request: using
brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 2.117274] usbcore: registered new interface driver brcmfmac
[ 2.335211] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
available (err=-2)
[ 2.335581] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
01-996384e2
# iw list
Wiphy phy0
...
Supported extended features:
* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
* [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
* [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
* [ DFS_OFFLOAD ]: DFS offload
* [ SAE_OFFLOAD ]: SAE offload support
* [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
* [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
# uname -a
Linux pi5 6.6.31+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.31-1+rpt1
(2024-05-29) aarch64 GNU/Linux
I am pretty sure I am fully up to date.
I set up hostapd running an WPA3 SAE config on my desktop with an
intel card and can connect to it from my phone.
I cannot connect to it from the Pi5:
I tried using a config file and connecting with wpa_supplicant and it did not:
# cat /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="deskSAE"
sae_password="secret123"
proto=RSN
key_mgmt=SAE
pairwise=CCMP
ieee80211w=2
}
# ifconfig wlan0 up
root@pi5(rw):~# iwlist wlan0 scan | grep deskSAE
ESSID:"deskSAE"
# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
Successfully initialized wpa_supplicant
wlan0: WPA: Failed to select authenticated key management type
wlan0: WPA: Failed to set WPA key management and encryption suites
(never returns command prompt)
I tried using wpa_cli as well and it also fails:
<3>CTRL-EVENT-NETWORK-ADDED 1
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE "deskS
<4>Failed to initiate sched scan
<3>CTRL-EVENT-NETWORK-NOT-FOUND
> set_network 0 ssid "deskSAE"
OK
> set_network - key_mgmt SAE
OK
> set_network 0 ieee80211w 2
OK
> set_network 0 sae_password "secret123"
OK
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<4>Failed to initiate sched scan
<3>CTRL-EVENT-NETWORK-NOT-FOUND
<3>CTRL-EVENT-SCAN-STARTED
> enable 0
OK
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<4>Failed to initiate sched scan
<3>CTRL-EVENT-NETWORK-NOT-FOUND
<4>WPA: Failed to select authenticated key management type
<4>WPA: Failed to set WPA key management and encryption suites
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<4>WPA: Failed to select authenticated key management type
<4>WPA: Failed to set WPA key management and encryption suites
<3>CTRL-EVENT-SCAN-STARTED
Would love it if there were a way to get wpa3 to work with the
brcmfmac cards on RPI.
Keith
