On June 20, 2024 5:44:30 PM KeithG <ys3al35l@xxxxxxxxx> wrote:
On Thu, Jun 20, 2024 at 6:14 AM Arend Van Spriel <arend.vanspriel@xxxxxxxxxxxx> wrote:On June 20, 2024 11:53:12 AM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:On Thu, 20 Jun 2024 at 10:46, Julian Calaby <julian.calaby@xxxxxxxxx> wrote:Hi Peter, On Thu, Jun 20, 2024 at 7:19 PM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:Hi Arend,After being asked about support for WPA3 for BCM43224 chipset it was found that all it takes is setting the MFP_CAPABLE flag and mac80211 will take care of all that is needed [1].Testing this on a Raspberry Pi 4 [1] against a UniFi U6Pro AP I can't connect to my WPA3 only SSID, it works fine with the SSID that's WPA2/WPA3 on the same AP. It doesn't connect and I get a whole lot of the following errors while it tries: [ 155.988865] brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52 [ 156.100906] brcmfmac: brcmf_set_channel: set chanspec 0xd034 fail, reason -52 [ 156.108597] brcmfmac: brcmf_set_channel: set chanspec 0xd038 fail, reason -52 [ 156.116317] brcmfmac: brcmf_set_channel: set chanspec 0xd03c fail, reason -52The Raspberry Pis' WiFi chipsets use the brcmfmac driver and this is a patch to the brcmsmac driver. This driver is for older and simpler WiFi chipsets than the ones on the Raspberry Pis.Right you are, completely missed that :)The devil is in the details ;-) Good that you tested. Maybe we can look into the WPA3-only problem. Are you using wpa_supplicant? Can you share supplicant log file and kernel log with brcmfmac debug modparam set to 0x1416. Regards, ArendThe RPis and the brcmfmac cards. The current RPiOS for 32 bit and 64 bit OS have firmware which loads on the 5Ghz capable Pis (3b+, 4, 5, 02W) which advertise WPA3 capability (this is a Pi5, but others are similar) This firmware is from 2021: # dmesg | grep brcmfmac [ 2.112735] brcmfmac: F1 signature read @0x18000000=0x15264345 [ 2.114202] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6 [ 2.117274] usbcore: registered new interface driver brcmfmac [ 2.335211] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob available (err=-2) [ 2.335581] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2 # iw list Wiphy phy0 ... Supported extended features: * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode * [ DFS_OFFLOAD ]: DFS offload * [ SAE_OFFLOAD ]: SAE offload support * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support # uname -a Linux pi5 6.6.31+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.31-1+rpt1 (2024-05-29) aarch64 GNU/Linux I am pretty sure I am fully up to date. I set up hostapd running an WPA3 SAE config on my desktop with an intel card and can connect to it from my phone. I cannot connect to it from the Pi5:
So let's dive in
I tried using a config file and connecting with wpa_supplicant and it did not:
# cat /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="deskSAE"
sae_password="secret123"
proto=RSN
key_mgmt=SAE
pairwise=CCMP
ieee80211w=2
}
That looks sane to me.
# ifconfig wlan0 up
root@pi5(rw):~# iwlist wlan0 scan | grep deskSAE
ESSID:"deskSAE"
# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
Successfully initialized wpa_supplicant
wlan0: WPA: Failed to select authenticated key management type
wlan0: WPA: Failed to set WPA key management and encryption suites
(never returns command prompt)
The supplicant remains running in the foreground so that is normal. Could you retry with -ddt on the command line. Also having brcmfmac loaded with debug=0x1416 while testing. Finally, can you share the hostapd.conf file?
Regards, Arend
I tried using wpa_cli as well and it also fails: <3>CTRL-EVENT-NETWORK-ADDED 1 <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE "deskS <4>Failed to initiate sched scan <3>CTRL-EVENT-NETWORK-NOT-FOUNDset_network 0 ssid "deskSAE"OKset_network - key_mgmt SAEOKset_network 0 ieee80211w 2OKset_network 0 sae_password "secret123"OK <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <4>Failed to initiate sched scan <3>CTRL-EVENT-NETWORK-NOT-FOUND <3>CTRL-EVENT-SCAN-STARTEDenable 0OK <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <4>Failed to initiate sched scan <3>CTRL-EVENT-NETWORK-NOT-FOUND <4>WPA: Failed to select authenticated key management type <4>WPA: Failed to set WPA key management and encryption suites <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <4>WPA: Failed to select authenticated key management type <4>WPA: Failed to set WPA key management and encryption suites <3>CTRL-EVENT-SCAN-STARTED Would love it if there were a way to get wpa3 to work with the brcmfmac cards on RPI. Keith
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
