| Message ID | 20250425085519.492267-1-arend.vanspriel@broadcom.com |
|---|---|
| Headers | show |
| Series | wifi: brcmfmac: external auth support for Infineon devices | expand |
Hi Arend, > The Infineon chips support external authentication in station mode when > firmware advertises it. The feature that must be present in firmware is > sae_ext. This has been ported from Infineon repository and makes use of > the per-vendor framework. It showcases how things can be organized per > vendor to provide the functionality. > > Unfortunately, I have no Infineon device and firmware that makes use of > external auth. This series was submitted earlier as RFT and it was tested > successfully by James Prestwood with iwd after adding a fourth patch to > the series. I would not mind if more testing is done with this series > like using wpa_supplicant instead of iwd. So I tried testing this on a RPi4 with the upstream linux-firmware repo, both on Fedora 42 using NetworkManager on top of iwd or wpa_supplicant. Now I think this has the right firmware but TBH I am not 100% sure but I get the following listed in the "Supported extended features" section when I run 'iw phy phy0 info': * [ SAE_OFFLOAD ]: SAE offload support * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support For reference the firmware version is: brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2 When I was testing with iwd 3.6 it was actually not repporting WPA3 as an option against my SSIDs, just WPA2 where with wpa_supplicant 2.11 it reports both. With NM+iwd in use I get an error and nothing happens, if I set sae for NM+wpa_supplicant I get a lot of the following in the kernel log and the connection fails: [ 1141.846900] brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52 [ 1141.962815] brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52 [ 1142.074828] brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52 I will try and find a couple of other devices with an appropriate cypress/infineon. Peter > Arend van Spriel (3): > wifi: brcmfmac: support per-vendor cfg80211 callbacks and firmware > events > wifi: brcmfmac: make per-vendor event map const > wifi: brcmfmac: cyw: support external SAE authentication in station > de > > Ting-Ying Li (1): > wifi: brcmfmac: Fix structure size for WPA3 external SAE > > .../broadcom/brcm80211/brcmfmac/cfg80211.c | 44 ++- > .../broadcom/brcm80211/brcmfmac/cfg80211.h | 25 ++ > .../broadcom/brcm80211/brcmfmac/common.c | 1 + > .../broadcom/brcm80211/brcmfmac/core.c | 2 + > .../broadcom/brcm80211/brcmfmac/cyw/core.c | 308 ++++++++++++++++++ > .../brcm80211/brcmfmac/cyw/fwil_types.h | 87 +++++ > .../broadcom/brcm80211/brcmfmac/feature.c | 3 +- > .../broadcom/brcm80211/brcmfmac/feature.h | 4 +- > .../broadcom/brcm80211/brcmfmac/fweh.c | 7 +- > .../broadcom/brcm80211/brcmfmac/fweh.h | 8 +- > .../broadcom/brcm80211/brcmfmac/fwvid.h | 29 ++ > 11 files changed, 495 insertions(+), 23 deletions(-) > create mode 100644 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/fwil_types.h > > > base-commit: f600832794c91d7021d7337104734246b02a2b86 > -- > 2.43.5 > >
> > I will try and find a couple of other devices with an appropriate > > cypress/infineon. > > Thanks for giving the patches a spin. The firmware should have a feature > named sae_ext. I think the one you with iw are indicating same support in > general. I am not so sure. RPi4 (BCM4345/6 - 7.45.234 (4ca95bb CY) FWID 01-996384e2) Supported extended features: * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode * [ DFS_OFFLOAD ]: DFS offload * [ SAE_OFFLOAD ]: SAE offload support * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support Jetson TX1 (BCM4354/1 - fw 7.35.349.104 (775a9ab CY) FWID 01-d55901b0): Supported extended features: * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records * [ DFS_OFFLOAD ]: DFS offload So I have different brcmfmac HW reporting different features. > You can check the firmware features in debugfs under > <mount>/ieee80211/phyX/fwcap. I don't get fwcap on either of the above devices: ls /sys/kernel/debug/ieee80211/phy0/ fragmentation_threshold ht40allow_map long_retry_limit rts_threshold short_retry_limit Peter Peter
On 4/29/2025 10:55 AM, Arend Van Spriel wrote: > On April 29, 2025 10:19:00 AM Peter Robinson <pbrobinson@gmail.com> wrote: > >>>> I will try and find a couple of other devices with an appropriate >>>> cypress/infineon. >>> >>> Thanks for giving the patches a spin. The firmware should have a feature >>> named sae_ext. I think the one you with iw are indicating same >>> support in >>> general. >> >> I am not so sure. Sorry for the confusion. Damn autocorrect. "Indicating same support" should have been "Indicating sae support". SAE offload support means that firmware is doing everything, ie. SAE handshake and 4-way handshake (if not mistaken). SAE external auth offloads the SAE handshake to user-space. >> RPi4 (BCM4345/6 - 7.45.234 (4ca95bb CY) FWID 01-996384e2) >> Supported extended features: >> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records >> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK >> in station mode >> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with >> 802.1X in station mode >> * [ DFS_OFFLOAD ]: DFS offload >> * [ SAE_OFFLOAD ]: SAE offload support >> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support >> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication >> offload support I think you mentioned earlier this one ends with an error. So SAE is not working with that firmware despite the claim. How about WPA2? These patches should not affect that, but better check if it does not cause a regression. >> Jetson TX1 (BCM4354/1 - fw 7.35.349.104 (775a9ab CY) FWID 01-d55901b0): >> Supported extended features: >> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records >> * [ DFS_OFFLOAD ]: DFS offload >> >> So I have different brcmfmac HW reporting different features. >> >>> You can check the firmware features in debugfs under >>> <mount>/ieee80211/phyX/fwcap. >> >> I don't get fwcap on either of the above devices: >> >> ls /sys/kernel/debug/ieee80211/phy0/ >> fragmentation_threshold ht40allow_map long_retry_limit >> rts_threshold short_retry_limit > > Ah, yes. My bad. They are only created if CONFIG_BRCMDBG is selected. Appreciate the help. Regards, Arend
The Infineon chips support external authentication in station mode when firmware advertises it. The feature that must be present in firmware is sae_ext. This has been ported from Infineon repository and makes use of the per-vendor framework. It showcases how things can be organized per vendor to provide the functionality. Unfortunately, I have no Infineon device and firmware that makes use of external auth. This series was submitted earlier as RFT and it was tested successfully by James Prestwood with iwd after adding a fourth patch to the series. I would not mind if more testing is done with this series like using wpa_supplicant instead of iwd. Arend van Spriel (3): wifi: brcmfmac: support per-vendor cfg80211 callbacks and firmware events wifi: brcmfmac: make per-vendor event map const wifi: brcmfmac: cyw: support external SAE authentication in station mode Ting-Ying Li (1): wifi: brcmfmac: Fix structure size for WPA3 external SAE .../broadcom/brcm80211/brcmfmac/cfg80211.c | 44 ++- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 25 ++ .../broadcom/brcm80211/brcmfmac/common.c | 1 + .../broadcom/brcm80211/brcmfmac/core.c | 2 + .../broadcom/brcm80211/brcmfmac/cyw/core.c | 308 ++++++++++++++++++ .../brcm80211/brcmfmac/cyw/fwil_types.h | 87 +++++ .../broadcom/brcm80211/brcmfmac/feature.c | 3 +- .../broadcom/brcm80211/brcmfmac/feature.h | 4 +- .../broadcom/brcm80211/brcmfmac/fweh.c | 7 +- .../broadcom/brcm80211/brcmfmac/fweh.h | 8 +- .../broadcom/brcm80211/brcmfmac/fwvid.h | 29 ++ 11 files changed, 495 insertions(+), 23 deletions(-) create mode 100644 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/fwil_types.h base-commit: f600832794c91d7021d7337104734246b02a2b86