Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password

From: Hector Martin
Date: Wed Dec 20 2023 - 13:02:29 EST

Next message: Dmitry Antipov: "[PATCH] regmap: fix kcalloc() arguments order"
Previous message: kernel test robot: "Re: [PATCH] locking/osq_lock: Avoid false sharing in optimistic_spin_node"
In reply to: Paul Fertser: "Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2023/12/20 19:16, Paul Fertser wrote:
> Hey Hector,
>
> On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote:
>> Using the WSEC command instead of sae_password seems to be the supported
>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>
>> According to user reports [1], the sae_password codepath doesn't actually
>> work on machines with Cypress chips anyway, so no harm in removing it.
>
> I'm sorry to disappoint you but I've just tested this patch on a
> "Pinebook Pro" which has AP6255 module and it broke WPA3 Personal.
>
> No error messages are emitted to the kernel log, just iwctl saying it
> can't establish connection.
>
> This is using "Cypress" firmware from the Linux firmware tree [0]
> renamed to "brcmfmac43455-sdio.bin" which has the following features
> (extracted from last two lines):
>
> 43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2
> DVID 01-1fda2915
>
>
> This module is used on many SBCs, including some RaspberryPi
> boards. The reason RaspberryPi owners complain about lack of WPA3
> Personal support is that most of them are using obscure downstream
> distros which ship brcmfmac firmware from somewhere else rather than
> the Linux firmware tree, so they lack the "sae" feature. Another is
> that it only works with iwd while default is wpa_supplicant.
>
> So far all known reports of those who tried the right firmware on
> RaspberryPi boards confirm WPA3 Personal was working with iwd [1].
>
>
> I'll be happy to do more testing if needed. Thank you very much for
> your hard and insightful work!

Thank you for being the first person to actually test any of this :)

Now we actually have a reason to keep the code. The next thing I wonder
is whether any of the *other* Cypress chips will respond to WSEC (in
addition to or instead of sae_password)...

Are you willing to test all the other wifi stuff we have queued up
downstream? There's a whole pile of changes here:

https://github.com/AsahiLinux/linux/commits/bits/080-wifi/

If things break it would be very helpful if you could bisect it down to
the specific commit. This patch is also in there of course, feel free to
revert/rebase it out.

- Hector

Next message: Dmitry Antipov: "[PATCH] regmap: fix kcalloc() arguments order"
Previous message: kernel test robot: "Re: [PATCH] locking/osq_lock: Avoid false sharing in optimistic_spin_node"
In reply to: Paul Fertser: "Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]