Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp491476rdb; Thu, 21 Dec 2023 16:04:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IGPZRE5W0PDF6lFUmgO05UoQt3fr9jDfk9L0CavHDd5BYpHGCIw5Axc18TnyOP602oUJBEA X-Received: by 2002:a50:9358:0:b0:553:414d:5ecf with SMTP id n24-20020a509358000000b00553414d5ecfmr501351eda.27.1703203440162; Thu, 21 Dec 2023 16:04:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703203440; cv=none; d=google.com; s=arc-20160816; b=x6ozEV7LL7W45NoXkwTeqjlB+4vyYundd3JfrhFYbxSbhsptui0xyjYlC+4pG0jhzl dHk8BIu4YLkzdv/VQiZqheBTaViSKHaBmN4kW1LAvBm/ZJObxhEfUNvTothka0BatKIh dDJCW8E5TuF36Z+4RBgb+uK7XQscXgrX3nNbICWC89urUfEleJnlWyXo0nTzupk1QTVD MgHK0ToPI8N5LTnL5UhDzOJYD5OdCQh5GO+flEgElo7c1lHVUWkiZMC4gMEYAosCuJuH xoyRaJeSMegIc5ZwON3OtUXjp2nYqGBJLuxG7FBNmOn5woO+yc5bPp8tVg4aYUmW/Pdv Pyzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence; bh=nygtSlgImLShah/s0hAhy7POXlHZHpSLLGdVCujY6W8=; fh=JQNdj21H7frbihKq44lvZ5VW1rfwOnvKltSSnBjC+9E=; b=F0GMUUQ1vyaMrhXBss0rMV0x+aFgcSkWZX5pWi2ckHiLSwMIAbd9n4hek74YCIBbAm HEbYUD22OArFkL+VabgkJLRRErCApRpJc0eOJiAVsxaf03P+3TZ6t68nm2x8HfRXS6DL uHZzZhhZ5/DpD3VYt9RAlTONosScaT/SZdbdB371hlP2UvZ4457k9I6RQi0o9vT1cAU1 Yh3VM+zZbc1dxg20vpNmFB5G+Iie+6VxrR4g7ETK7PCuFAjIFKePiieqPyAhwgf9oiYa rAlaJ9v1LVeL7PmIEG+5ZMl00mcc6GAQAUgLXiU+9bgJS+zh1hJs833xtCSFRA26w9wo OVrQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless+bounces-1185-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1185-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id er16-20020a056402449000b00554375d1237si672420edb.87.2023.12.21.16.04.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 16:04:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-1185-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless+bounces-1185-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1185-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id CAA561F2544C for ; Fri, 22 Dec 2023 00:03:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A765D375; Fri, 22 Dec 2023 00:03:54 +0000 (UTC) X-Original-To: linux-wireless@vger.kernel.org Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE5F5199; Fri, 22 Dec 2023 00:03:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gompa.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-552ff8d681aso4453166a12.1; Thu, 21 Dec 2023 16:03:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703203431; x=1703808231; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nygtSlgImLShah/s0hAhy7POXlHZHpSLLGdVCujY6W8=; b=fvadG6tvlul2FFD6D1ONxK3hTJV4ZqV8oWJx5KA38pUCghnJHdAXSXcRzEmyWMxViB r1YQ4fFJ+FOcWWnBU+o1ZInmgv/tBs8VPMHClSAkWM/rZJGhydfgC4j0HyemhR2VVBnf 5p7C7Jjt33qK9VWE51+OjL2DWE+xq4MXjfpgRbSJjbeNfAGqhdUQUT2ANCYY6pM0qVPJ VJTjivgJ9clIk8foix43ZHu6IKxQXtAAVNS/KoYlqivQMDX7QkcdeRN3qZJ+It8ofJU0 Fpi+wc+vShafVaACWr//GXyD2vH0eNwvgTpLQD3SSxgzDvG1Xc6cNqJvBsZRtftmuKvg i+cQ== X-Gm-Message-State: AOJu0YzB1lgOv9Ps0Pt/VHcUWfm8rdCPzdYo+qT17VdPqRwsYgWeuVq5 /ED9LcnpMS/Io6k7lQsBqNhjE8v8LVw1CKDq9MU= X-Received: by 2002:a17:906:2092:b0:a26:a980:d5b5 with SMTP id 18-20020a170906209200b00a26a980d5b5mr404727ejq.8.1703203430525; Thu, 21 Dec 2023 16:03:50 -0800 (PST) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com. [209.85.218.52]) by smtp.gmail.com with ESMTPSA id l3-20020a170907914300b00a1b7769f834sm1493699ejs.81.2023.12.21.16.03.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Dec 2023 16:03:49 -0800 (PST) Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-a2696852965so403750766b.0; Thu, 21 Dec 2023 16:03:49 -0800 (PST) X-Received: by 2002:a17:906:1042:b0:a23:3767:28ad with SMTP id j2-20020a170906104200b00a23376728admr512450ejj.70.1703203429756; Thu, 21 Dec 2023 16:03:49 -0800 (PST) Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20231107-brcmfmac-wpa3-v1-1-4c7db8636680@marcan.st> <170281231651.2255653.7498073085103487666.kvalo@kernel.org> <18c80d15e30.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com> <1b51997f-2994-46e8-ac58-90106d1c486d@marcan.st> In-Reply-To: From: Neal Gompa Date: Thu, 21 Dec 2023 19:03:12 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password To: Marcel Holtmann Cc: Julian Calaby , Arend van Spriel , Kalle Valo , Hector Martin , Arend van Spriel , Franky Lin , Hante Meuleman , Daniel Berlin , linux-wireless@vger.kernel.org, brcm80211-dev-list.pdl@broadcom.com, SHA-cyfmac-dev-list@infineon.com, linux-kernel@vger.kernel.org, asahi@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2023 at 3:40=E2=80=AFPM Marcel Holtmann wrote: > > Hi Julian, > > >>>>>> Using the WSEC command instead of sae_password seems to be the sup= ported > >>>>>> mechanism on newer firmware, and also how the brcmdhd driver does = it. > >>>>>> > >>>>>> According to user reports [1], the sae_password codepath doesn't a= ctually > >>>>>> work on machines with Cypress chips anyway, so no harm in removing= it. > >>>>>> > >>>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a su= pport > >>>>>> patchset [2]. > >>>>>> > >>>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/ > >>>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.h= tml > >>>>>> > >>>>>> Signed-off-by: Hector Martin > >>>>>> Reviewed-by: Neal Gompa > >>>>> > >>>>> Arend, what do you think? > >>>>> > >>>>> We recently talked about people testing brcmfmac patches, has anyon= e else > >>>>> tested this? > >>>> > >>>> Not sure I already replied so maybe I am repeating myself. I would p= refer > >>>> to keep the Cypress sae_password path as well although it reportedly= does > >>>> not work. The vendor support in the driver can be used to accommodat= e for > >>>> that. The other option would be to have people with Cypress chipset = test > >>>> this patch. If that works for both we can consider dropping the > >>>> sae_password path. > >>>> > >>>> Regards, > >>>> Arend > >>> > >>> So, if nobody from Cypress chimes in ever, and nobody cares nor tests > >>> Cypress chipsets, are we keeping any and all existing Cypress code-pa= ths > >>> as bitrotting code forever and adding gratuitous conditionals every t= ime > >>> any functionality needs to change "just in case it breaks Cypress" ev= en > >>> though it has been tested compatible on Broadcom chipsets/firmware? > >>> > >>> Because that's not sustainable long term. > >> > >> You should look into WEXT just for the fun of it. If it were up to me > >> and a bunch of other people that would have been gone decades ago. May= be > >> a bad example if the sae_password is indeed not working, but the Cypre= ss > >> chipset is used in RPi3 and RPi4 so there must be a couple of users. > > > > There are reports that WPA3 is broken on the Cypress chipsets the > > Raspberry Pis are using and this patch fixes it: > > https://rachelbythebay.com/w/2023/11/06/wpa3/ > > > > Based on that, it appears that all known users of WPA3 capable > > hardware with this driver require this fix. > > the Pis are all using an outdated firmware. In their distro they put the > firmware already under the alternates systems, but it just lacks the SAE > offload support that is required to make WPA3 work. The linux-firmware > version does the trick nicely. > > I documented what I did to make this work on Pi5 (note that I normally > use Fedora on Pi4 and thus never encountered this issue) > > https://holtmann.dev/enabling-wpa3-on-raspberry-pi/ > > However you need to use iwd and not hope that you get a wpa_supplicant > released version that will work. > > So whole game of wpa_supplicant is vendor specific to the company that > provides the driver is also insane, but that is another story. Use iwd > and you can most likely have WPA3 support if you have the right firmware. > wpa_supplicant is perfectly fine if the necessary patches are backported, as Fedora has done: https://src.fedoraproject.org/rpms/wpa_supplicant/c/99f4bf2096d3976cee01c49= 9d7a30c1376f5f0f7 -- =E7=9C=9F=E5=AE=9F=E3=81=AF=E3=81=84=E3=81=A4=E3=82=82=E4=B8=80=E3=81=A4=EF= =BC=81/ Always, there's only one truth!