* Raspberry Pi 5 and WPA3
@ 2024-04-29 20:25 Harry ten Berge
2024-04-29 21:29 ` James Prestwood
0 siblings, 1 reply; 13+ messages in thread
From: Harry ten Berge @ 2024-04-29 20:25 UTC (permalink / raw)
To: iwd
Hi,
I'm not sure this is the right place to ask for some assistance, but
here we go...
I'm the author for a small Raspberry Pi audio image that is
specifically targeting Roon.
If you're not familiair with Roon: it's an audio streaming platform
targeting audiophiles ;-)
Anyways, about a year ago I switched from wpa_supplicant to iwd, to
full satisfaction.
Better and easier integration, and overall a feel of me being in more control.
Now, recently I'm having issues with WPA3 support. This is partly
related to firmware (it's just so obfuscated how this all works with
firmware from broadcom and firmware from cypress :-(
And one of those things is that I can't get it to work on the new Pi
5. Specifically IWD reporting this:
Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
Network is WPA3-Personal...
Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
CMD_EXTERNAL_AUTH for SAE
Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
Can't use SAE, trying WPA2
Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
advise me to go back to wpa_supplicant. Which is not something I would
like to do for various reasons...
Do you have any advice for me on what I can do? is this
CMD_EXTERNAL_AUTH really related to this and are you planning on
implementing this?
Thanks
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-29 20:25 Raspberry Pi 5 and WPA3 Harry ten Berge
@ 2024-04-29 21:29 ` James Prestwood
2024-04-30 6:49 ` Harry ten Berge
2024-04-30 7:42 ` Marcel Holtmann
0 siblings, 2 replies; 13+ messages in thread
From: James Prestwood @ 2024-04-29 21:29 UTC (permalink / raw)
To: Harry ten Berge, iwd
Hi Harry,
On 4/29/24 1:25 PM, Harry ten Berge wrote:
> Hi,
>
> I'm not sure this is the right place to ask for some assistance, but
> here we go...
>
> I'm the author for a small Raspberry Pi audio image that is
> specifically targeting Roon.
> If you're not familiair with Roon: it's an audio streaming platform
> targeting audiophiles ;-)
>
> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> full satisfaction.
> Better and easier integration, and overall a feel of me being in more control.
>
> Now, recently I'm having issues with WPA3 support. This is partly
> related to firmware (it's just so obfuscated how this all works with
> firmware from broadcom and firmware from cypress :-(
>
> And one of those things is that I can't get it to work on the new Pi
> 5. Specifically IWD reporting this:
>
> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> Network is WPA3-Personal...
> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> CMD_EXTERNAL_AUTH for SAE
> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> Can't use SAE, trying WPA2
>
> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> advise me to go back to wpa_supplicant. Which is not something I would
> like to do for various reasons...
>
> Do you have any advice for me on what I can do? is this
> CMD_EXTERNAL_AUTH really related to this and are you planning on
> implementing this?
Unfortunately the external auth support is not yet implemented in IWD.
The brcmfmac driver itself is rather unique being a fullmac driver.
Depending on how you look at it, this on its own is "easier" to support.
It handles connecting/roaming all on its own. But then, for some reason,
someone didn't want to do SAE/WPA3 on the card itself so they came up
with some one-off mechanism to offload that onto userspace. This is one
of those things that got put upstream that is a pain for projects like
IWD to support IMO. Its something we do need to support eventually,
especially given the raspi 5 requires it.
Thanks,
James
>
> Thanks
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-29 21:29 ` James Prestwood
@ 2024-04-30 6:49 ` Harry ten Berge
2024-04-30 7:42 ` Marcel Holtmann
1 sibling, 0 replies; 13+ messages in thread
From: Harry ten Berge @ 2024-04-30 6:49 UTC (permalink / raw)
To: James Prestwood; +Cc: iwd
Hi James,
Thanks for your explanation.
Makes sense, and I can imagine that this is a pain for you guys.
Of course I hope that this will be implemented any time soon-ish,
because I really don't want to go back ;-)
Anyways, if I can help in any way, with testing stuff or whatever, let me know.
Thanks,
Harry
On Mon, 29 Apr 2024 at 23:29, James Prestwood <prestwoj@gmail.com> wrote:
>
> Hi Harry,
>
> On 4/29/24 1:25 PM, Harry ten Berge wrote:
> > Hi,
> >
> > I'm not sure this is the right place to ask for some assistance, but
> > here we go...
> >
> > I'm the author for a small Raspberry Pi audio image that is
> > specifically targeting Roon.
> > If you're not familiair with Roon: it's an audio streaming platform
> > targeting audiophiles ;-)
> >
> > Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> > full satisfaction.
> > Better and easier integration, and overall a feel of me being in more control.
> >
> > Now, recently I'm having issues with WPA3 support. This is partly
> > related to firmware (it's just so obfuscated how this all works with
> > firmware from broadcom and firmware from cypress :-(
> >
> > And one of those things is that I can't get it to work on the new Pi
> > 5. Specifically IWD reporting this:
> >
> > Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > Network is WPA3-Personal...
> > Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> > CMD_EXTERNAL_AUTH for SAE
> > Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > Can't use SAE, trying WPA2
> >
> > Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> > advise me to go back to wpa_supplicant. Which is not something I would
> > like to do for various reasons...
> >
> > Do you have any advice for me on what I can do? is this
> > CMD_EXTERNAL_AUTH really related to this and are you planning on
> > implementing this?
>
> Unfortunately the external auth support is not yet implemented in IWD.
> The brcmfmac driver itself is rather unique being a fullmac driver.
> Depending on how you look at it, this on its own is "easier" to support.
> It handles connecting/roaming all on its own. But then, for some reason,
> someone didn't want to do SAE/WPA3 on the card itself so they came up
> with some one-off mechanism to offload that onto userspace. This is one
> of those things that got put upstream that is a pain for projects like
> IWD to support IMO. Its something we do need to support eventually,
> especially given the raspi 5 requires it.
>
> Thanks,
>
> James
>
> >
> > Thanks
> >
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-29 21:29 ` James Prestwood
2024-04-30 6:49 ` Harry ten Berge
@ 2024-04-30 7:42 ` Marcel Holtmann
2024-04-30 11:17 ` James Prestwood
1 sibling, 1 reply; 13+ messages in thread
From: Marcel Holtmann @ 2024-04-30 7:42 UTC (permalink / raw)
To: James Prestwood; +Cc: Harry ten Berge, iwd
Hi James,
>> I'm not sure this is the right place to ask for some assistance, but
>> here we go...
>>
>> I'm the author for a small Raspberry Pi audio image that is
>> specifically targeting Roon.
>> If you're not familiair with Roon: it's an audio streaming platform
>> targeting audiophiles ;-)
>>
>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
>> full satisfaction.
>> Better and easier integration, and overall a feel of me being in more control.
>>
>> Now, recently I'm having issues with WPA3 support. This is partly
>> related to firmware (it's just so obfuscated how this all works with
>> firmware from broadcom and firmware from cypress :-(
>>
>> And one of those things is that I can't get it to work on the new Pi
>> 5. Specifically IWD reporting this:
>>
>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>> Network is WPA3-Personal...
>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
>> CMD_EXTERNAL_AUTH for SAE
>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>> Can't use SAE, trying WPA2
>>
>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
>> advise me to go back to wpa_supplicant. Which is not something I would
>> like to do for various reasons...
>>
>> Do you have any advice for me on what I can do? is this
>> CMD_EXTERNAL_AUTH really related to this and are you planning on
>> implementing this?
>
> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
if the Broadcom firmware finally would be able to support external_auth,
then it would be nice, but as seen on recent linux-wireless discussions,
it is unclear who does what. Broadcom wanted to support external_auth,
but then Infineon (the new owner) might be rather using SAE as part of
the firmware. And actually the chip on the RPi5 marks itself as Cypress
and so you it is an unclear story. I think that Raspberry Pi foundation
should get their story straight. Until really recently they shipped a
firmware that couldn’t do SAE and also their drivers couldn’t even do
external_auth and you were stuck with WPA2 only.
https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
You can use an upstream firmware from linux-firmware and make the RPi5
support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
switching to the upstream firmware.
On side note, there exists no wpa_supplicant release that really supports
SAE offload properly. You need to back port a lot of patches or hope
that your distro back ported them for you.
We should actually check if nl80211 tells us that external_auth is
supported by the driver. And if not (which is the case for the Broadcom
upstream driver) send a proper message to users and not lead them into
a wild goose chase.
Regards
Marcel
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-30 7:42 ` Marcel Holtmann
@ 2024-04-30 11:17 ` James Prestwood
2024-04-30 12:19 ` KeithG
0 siblings, 1 reply; 13+ messages in thread
From: James Prestwood @ 2024-04-30 11:17 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: Harry ten Berge, iwd
Hi Marcel,
On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> Hi James,
>
>>> I'm not sure this is the right place to ask for some assistance, but
>>> here we go...
>>>
>>> I'm the author for a small Raspberry Pi audio image that is
>>> specifically targeting Roon.
>>> If you're not familiair with Roon: it's an audio streaming platform
>>> targeting audiophiles ;-)
>>>
>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
>>> full satisfaction.
>>> Better and easier integration, and overall a feel of me being in more control.
>>>
>>> Now, recently I'm having issues with WPA3 support. This is partly
>>> related to firmware (it's just so obfuscated how this all works with
>>> firmware from broadcom and firmware from cypress :-(
>>>
>>> And one of those things is that I can't get it to work on the new Pi
>>> 5. Specifically IWD reporting this:
>>>
>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>> Network is WPA3-Personal...
>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
>>> CMD_EXTERNAL_AUTH for SAE
>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>> Can't use SAE, trying WPA2
>>>
>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
>>> advise me to go back to wpa_supplicant. Which is not something I would
>>> like to do for various reasons...
>>>
>>> Do you have any advice for me on what I can do? is this
>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
>>> implementing this?
>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> if the Broadcom firmware finally would be able to support external_auth,
> then it would be nice, but as seen on recent linux-wireless discussions,
> it is unclear who does what. Broadcom wanted to support external_auth,
> but then Infineon (the new owner) might be rather using SAE as part of
> the firmware. And actually the chip on the RPi5 marks itself as Cypress
> and so you it is an unclear story. I think that Raspberry Pi foundation
> should get their story straight. Until really recently they shipped a
> firmware that couldn’t do SAE and also their drivers couldn’t even do
> external_auth and you were stuck with WPA2 only.
>
> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
I was not aware that it didn't even support it correctly. I figured
broadcom was who added it in the first place.
>
> You can use an upstream firmware from linux-firmware and make the RPi5
> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> switching to the upstream firmware.
>
> On side note, there exists no wpa_supplicant release that really supports
> SAE offload properly. You need to back port a lot of patches or hope
> that your distro back ported them for you.
>
> We should actually check if nl80211 tells us that external_auth is
> supported by the driver. And if not (which is the case for the Broadcom
> upstream driver) send a proper message to users and not lead them into
> a wild goose chase.
>
> Regards
>
> Marcel
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-30 11:17 ` James Prestwood
@ 2024-04-30 12:19 ` KeithG
2024-04-30 15:42 ` Harry ten Berge
2024-05-02 12:56 ` KeithG
0 siblings, 2 replies; 13+ messages in thread
From: KeithG @ 2024-04-30 12:19 UTC (permalink / raw)
To: James Prestwood; +Cc: Marcel Holtmann, Harry ten Berge, iwd
On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
>
> Hi Marcel,
>
> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> > Hi James,
> >
> >>> I'm not sure this is the right place to ask for some assistance, but
> >>> here we go...
> >>>
> >>> I'm the author for a small Raspberry Pi audio image that is
> >>> specifically targeting Roon.
> >>> If you're not familiair with Roon: it's an audio streaming platform
> >>> targeting audiophiles ;-)
> >>>
> >>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> >>> full satisfaction.
> >>> Better and easier integration, and overall a feel of me being in more control.
> >>>
> >>> Now, recently I'm having issues with WPA3 support. This is partly
> >>> related to firmware (it's just so obfuscated how this all works with
> >>> firmware from broadcom and firmware from cypress :-(
> >>>
> >>> And one of those things is that I can't get it to work on the new Pi
> >>> 5. Specifically IWD reporting this:
> >>>
> >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>> Network is WPA3-Personal...
> >>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> >>> CMD_EXTERNAL_AUTH for SAE
> >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>> Can't use SAE, trying WPA2
> >>>
> >>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> >>> advise me to go back to wpa_supplicant. Which is not something I would
> >>> like to do for various reasons...
> >>>
> >>> Do you have any advice for me on what I can do? is this
> >>> CMD_EXTERNAL_AUTH really related to this and are you planning on
> >>> implementing this?
> >> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> > if the Broadcom firmware finally would be able to support external_auth,
> > then it would be nice, but as seen on recent linux-wireless discussions,
> > it is unclear who does what. Broadcom wanted to support external_auth,
> > but then Infineon (the new owner) might be rather using SAE as part of
> > the firmware. And actually the chip on the RPi5 marks itself as Cypress
> > and so you it is an unclear story. I think that Raspberry Pi foundation
> > should get their story straight. Until really recently they shipped a
> > firmware that couldn’t do SAE and also their drivers couldn’t even do
> > external_auth and you were stuck with WPA2 only.
> >
> > https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
> I was not aware that it didn't even support it correctly. I figured
> broadcom was who added it in the first place.
> >
> > You can use an upstream firmware from linux-firmware and make the RPi5
> > support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> > switching to the upstream firmware.
> >
> > On side note, there exists no wpa_supplicant release that really supports
> > SAE offload properly. You need to back port a lot of patches or hope
> > that your distro back ported them for you.
> >
> > We should actually check if nl80211 tells us that external_auth is
> > supported by the driver. And if not (which is the case for the Broadcom
> > upstream driver) send a proper message to users and not lead them into
> > a wild goose chase.
> >
> > Regards
> >
> > Marcel
> >
>
FWIW, the most recent update to the RPI Bookworm image has enabled
this capability:
# uname -a
Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
(2024-04-22) aarch64 GNU/Linux
# dmesg | grep brcmfmac
[ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
[ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 2.216566] usbcore: registered new interface driver brcmfmac
[ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
available (err=-2)
[ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
01-996384e2
# iw list
Wiphy phy0
...
Supported extended features:
* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
* [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
* [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
* [ DFS_OFFLOAD ]: DFS offload
* [ SAE_OFFLOAD ]: SAE offload support
* [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
* [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
This was achieved here with a normal 'apt update ; apt upgrade' routine.
This appears to work for all Pis, now. Even a 32 bit image on a 3b+
with similar hardware:
# uname -a
Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
(2024-04-22) armv7l GNU/Linux
# iw list
...
Supported extended features:
* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
* [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
* [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
* [ DFS_OFFLOAD ]: DFS offload
* [ SAE_OFFLOAD ]: SAE offload support
* [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
* [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
The PiZero2W does not show this capability with the same 64 bit image
running as it has different hardware with different firmware:
# dmesg | grep brcmfmac
[ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
[ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
brcm/brcmfmac43430b0-sdio for chip BCM43430/2
[ 6.080782] usbcore: registered new interface driver brcmfmac
[ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
available (err=-2)
[ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
01-3b307371
Keith
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-30 12:19 ` KeithG
@ 2024-04-30 15:42 ` Harry ten Berge
2024-05-02 12:56 ` KeithG
1 sibling, 0 replies; 13+ messages in thread
From: Harry ten Berge @ 2024-04-30 15:42 UTC (permalink / raw)
To: KeithG; +Cc: James Prestwood, Marcel Holtmann, iwd
On Tue, 30 Apr 2024 at 14:20, KeithG <ys3al35l@gmail.com> wrote:
>
> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
> >
> > Hi Marcel,
> >
> > On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> > > Hi James,
> > >
> > >>> I'm not sure this is the right place to ask for some assistance, but
> > >>> here we go...
> > >>>
> > >>> I'm the author for a small Raspberry Pi audio image that is
> > >>> specifically targeting Roon.
> > >>> If you're not familiair with Roon: it's an audio streaming platform
> > >>> targeting audiophiles ;-)
> > >>>
> > >>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> > >>> full satisfaction.
> > >>> Better and easier integration, and overall a feel of me being in more control.
> > >>>
> > >>> Now, recently I'm having issues with WPA3 support. This is partly
> > >>> related to firmware (it's just so obfuscated how this all works with
> > >>> firmware from broadcom and firmware from cypress :-(
> > >>>
> > >>> And one of those things is that I can't get it to work on the new Pi
> > >>> 5. Specifically IWD reporting this:
> > >>>
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > >>> Network is WPA3-Personal...
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> > >>> CMD_EXTERNAL_AUTH for SAE
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > >>> Can't use SAE, trying WPA2
> > >>>
> > >>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> > >>> advise me to go back to wpa_supplicant. Which is not something I would
> > >>> like to do for various reasons...
> > >>>
> > >>> Do you have any advice for me on what I can do? is this
> > >>> CMD_EXTERNAL_AUTH really related to this and are you planning on
> > >>> implementing this?
> > >> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> > > if the Broadcom firmware finally would be able to support external_auth,
> > > then it would be nice, but as seen on recent linux-wireless discussions,
> > > it is unclear who does what. Broadcom wanted to support external_auth,
> > > but then Infineon (the new owner) might be rather using SAE as part of
> > > the firmware. And actually the chip on the RPi5 marks itself as Cypress
> > > and so you it is an unclear story. I think that Raspberry Pi foundation
> > > should get their story straight. Until really recently they shipped a
> > > firmware that couldn’t do SAE and also their drivers couldn’t even do
> > > external_auth and you were stuck with WPA2 only.
> > >
> > > https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
> > I was not aware that it didn't even support it correctly. I figured
> > broadcom was who added it in the first place.
> > >
> > > You can use an upstream firmware from linux-firmware and make the RPi5
> > > support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> > > switching to the upstream firmware.
> > >
> > > On side note, there exists no wpa_supplicant release that really supports
> > > SAE offload properly. You need to back port a lot of patches or hope
> > > that your distro back ported them for you.
> > >
> > > We should actually check if nl80211 tells us that external_auth is
> > > supported by the driver. And if not (which is the case for the Broadcom
> > > upstream driver) send a proper message to users and not lead them into
> > > a wild goose chase.
> > >
> > > Regards
> > >
> > > Marcel
> > >
> >
>
> FWIW, the most recent update to the RPI Bookworm image has enabled
> this capability:
> # uname -a
> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
> (2024-04-22) aarch64 GNU/Linux
>
> # dmesg | grep brcmfmac
> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
> brcm/brcmfmac43455-sdio for chip BCM4345/6
> [ 2.216566] usbcore: registered new interface driver brcmfmac
> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> available (err=-2)
> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
> 01-996384e2
>
> # iw list
> Wiphy phy0
> ...
> Supported extended features:
> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> * [ DFS_OFFLOAD ]: DFS offload
> * [ SAE_OFFLOAD ]: SAE offload support
> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>
> This was achieved here with a normal 'apt update ; apt upgrade' routine.
>
> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
> with similar hardware:
> # uname -a
> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
> (2024-04-22) armv7l GNU/Linux
> # iw list
> ...
> Supported extended features:
> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> * [ DFS_OFFLOAD ]: DFS offload
> * [ SAE_OFFLOAD ]: SAE offload support
> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>
> The PiZero2W does not show this capability with the same 64 bit image
> running as it has different hardware with different firmware:
> # dmesg | grep brcmfmac
> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
> [ 6.080782] usbcore: registered new interface driver brcmfmac
> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> available (err=-2)
> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
> 01-3b307371
>
> Keith
Oeps. My earlier response was to Keith alone.
But basically Keith is doing some testing, because I can get this to
work with IWD, *only* when I'm on 6.1.
Switching to kernel 6.6 breaks it. (see ticket:
https://github.com/raspberrypi/linux/issues/6130)
I get continuous "iwd No suitable BSSes found" messages.
Curious if Keith gets this working on his setup.
Thanks
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-04-30 12:19 ` KeithG
2024-04-30 15:42 ` Harry ten Berge
@ 2024-05-02 12:56 ` KeithG
2024-05-02 13:09 ` James Prestwood
1 sibling, 1 reply; 13+ messages in thread
From: KeithG @ 2024-05-02 12:56 UTC (permalink / raw)
To: James Prestwood; +Cc: Marcel Holtmann, Harry ten Berge, iwd
On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
>
> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
> >
> > Hi Marcel,
> >
> > On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> > > Hi James,
> > >
> > >>> I'm not sure this is the right place to ask for some assistance, but
> > >>> here we go...
> > >>>
> > >>> I'm the author for a small Raspberry Pi audio image that is
> > >>> specifically targeting Roon.
> > >>> If you're not familiair with Roon: it's an audio streaming platform
> > >>> targeting audiophiles ;-)
> > >>>
> > >>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> > >>> full satisfaction.
> > >>> Better and easier integration, and overall a feel of me being in more control.
> > >>>
> > >>> Now, recently I'm having issues with WPA3 support. This is partly
> > >>> related to firmware (it's just so obfuscated how this all works with
> > >>> firmware from broadcom and firmware from cypress :-(
> > >>>
> > >>> And one of those things is that I can't get it to work on the new Pi
> > >>> 5. Specifically IWD reporting this:
> > >>>
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > >>> Network is WPA3-Personal...
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> > >>> CMD_EXTERNAL_AUTH for SAE
> > >>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> > >>> Can't use SAE, trying WPA2
> > >>>
> > >>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> > >>> advise me to go back to wpa_supplicant. Which is not something I would
> > >>> like to do for various reasons...
> > >>>
> > >>> Do you have any advice for me on what I can do? is this
> > >>> CMD_EXTERNAL_AUTH really related to this and are you planning on
> > >>> implementing this?
> > >> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> > > if the Broadcom firmware finally would be able to support external_auth,
> > > then it would be nice, but as seen on recent linux-wireless discussions,
> > > it is unclear who does what. Broadcom wanted to support external_auth,
> > > but then Infineon (the new owner) might be rather using SAE as part of
> > > the firmware. And actually the chip on the RPi5 marks itself as Cypress
> > > and so you it is an unclear story. I think that Raspberry Pi foundation
> > > should get their story straight. Until really recently they shipped a
> > > firmware that couldn’t do SAE and also their drivers couldn’t even do
> > > external_auth and you were stuck with WPA2 only.
> > >
> > > https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
> > I was not aware that it didn't even support it correctly. I figured
> > broadcom was who added it in the first place.
> > >
> > > You can use an upstream firmware from linux-firmware and make the RPi5
> > > support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> > > switching to the upstream firmware.
> > >
> > > On side note, there exists no wpa_supplicant release that really supports
> > > SAE offload properly. You need to back port a lot of patches or hope
> > > that your distro back ported them for you.
> > >
> > > We should actually check if nl80211 tells us that external_auth is
> > > supported by the driver. And if not (which is the case for the Broadcom
> > > upstream driver) send a proper message to users and not lead them into
> > > a wild goose chase.
> > >
> > > Regards
> > >
> > > Marcel
> > >
> >
>
> FWIW, the most recent update to the RPI Bookworm image has enabled
> this capability:
> # uname -a
> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
> (2024-04-22) aarch64 GNU/Linux
>
> # dmesg | grep brcmfmac
> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
> brcm/brcmfmac43455-sdio for chip BCM4345/6
> [ 2.216566] usbcore: registered new interface driver brcmfmac
> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> available (err=-2)
> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
> 01-996384e2
>
> # iw list
> Wiphy phy0
> ...
> Supported extended features:
> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> * [ DFS_OFFLOAD ]: DFS offload
> * [ SAE_OFFLOAD ]: SAE offload support
> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>
> This was achieved here with a normal 'apt update ; apt upgrade' routine.
>
> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
> with similar hardware:
> # uname -a
> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
> (2024-04-22) armv7l GNU/Linux
> # iw list
> ...
> Supported extended features:
> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> * [ DFS_OFFLOAD ]: DFS offload
> * [ SAE_OFFLOAD ]: SAE offload support
> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>
> The PiZero2W does not show this capability with the same 64 bit image
> running as it has different hardware with different firmware:
> # dmesg | grep brcmfmac
> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
> [ 6.080782] usbcore: registered new interface driver brcmfmac
> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> available (err=-2)
> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
> 01-3b307371
>
> Keith
I got around to testing this a bit tonight. I set up my Pi5 with
hostapd and used this /etc/hostapd/hostapd.conf
# cat /etc/hostapd/hostapd.conf
# interface and driver
interface=ap0
driver=nl80211
# WIFI-Config
ssid=SSIDWPA3
channel=7
hw_mode=g
ieee80211n=1
wmm_enabled=1
macaddr_acl=0
auth_algs=1
max_num_sta=10
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=password
sae_pwe=2
Form the log, it looks like SAE is enabled and ruinning, but I do not
know what I am looking at.
Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
...
SAE: Derive PT - group 19
SAE: SSID - hexdump_ascii(len=8):
53 53 49 44 57 50 41 33 SSIDWPA3
SAE: password - hexdump_ascii(len=9): [REMOVED]
SAE: pwd-seed - hexdump(len=32): [REMOVED]
SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
SAE: u1 - hexdump(len=32): [REMOVED]
...
I can 'see' it from my other pi running iwd and on my laptop, but I
cannot connect on either. I get nothing in the log. When I type in the
password, I get:
[iwd]# station wlan0 connect SSIDWPA3
Type the network passphrase for SSIDWPA3 psk.
Passphrase: *********
Operation failed
Both Pis show that they have what Marcel noted:
Supported extended features:
* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
* [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
* [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
* [ DFS_OFFLOAD ]: DFS offload
* [ SAE_OFFLOAD ]: SAE offload support
* [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
* [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
Is my config wrong?
The version of iwd I am running is 2.17 built from git with the latest
commit as of e3f6a2c. The version if hostapd is:
# hostapd -v
hostapd v2.10
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-05-02 12:56 ` KeithG
@ 2024-05-02 13:09 ` James Prestwood
2024-05-02 13:47 ` KeithG
0 siblings, 1 reply; 13+ messages in thread
From: James Prestwood @ 2024-05-02 13:09 UTC (permalink / raw)
To: KeithG; +Cc: Marcel Holtmann, Harry ten Berge, iwd
Hi Keith,
On 5/2/24 5:56 AM, KeithG wrote:
> On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
>> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
>>> Hi Marcel,
>>>
>>> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
>>>> Hi James,
>>>>
>>>>>> I'm not sure this is the right place to ask for some assistance, but
>>>>>> here we go...
>>>>>>
>>>>>> I'm the author for a small Raspberry Pi audio image that is
>>>>>> specifically targeting Roon.
>>>>>> If you're not familiair with Roon: it's an audio streaming platform
>>>>>> targeting audiophiles ;-)
>>>>>>
>>>>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
>>>>>> full satisfaction.
>>>>>> Better and easier integration, and overall a feel of me being in more control.
>>>>>>
>>>>>> Now, recently I'm having issues with WPA3 support. This is partly
>>>>>> related to firmware (it's just so obfuscated how this all works with
>>>>>> firmware from broadcom and firmware from cypress :-(
>>>>>>
>>>>>> And one of those things is that I can't get it to work on the new Pi
>>>>>> 5. Specifically IWD reporting this:
>>>>>>
>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>> Network is WPA3-Personal...
>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
>>>>>> CMD_EXTERNAL_AUTH for SAE
>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>> Can't use SAE, trying WPA2
>>>>>>
>>>>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
>>>>>> advise me to go back to wpa_supplicant. Which is not something I would
>>>>>> like to do for various reasons...
>>>>>>
>>>>>> Do you have any advice for me on what I can do? is this
>>>>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
>>>>>> implementing this?
>>>>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
>>>> if the Broadcom firmware finally would be able to support external_auth,
>>>> then it would be nice, but as seen on recent linux-wireless discussions,
>>>> it is unclear who does what. Broadcom wanted to support external_auth,
>>>> but then Infineon (the new owner) might be rather using SAE as part of
>>>> the firmware. And actually the chip on the RPi5 marks itself as Cypress
>>>> and so you it is an unclear story. I think that Raspberry Pi foundation
>>>> should get their story straight. Until really recently they shipped a
>>>> firmware that couldn’t do SAE and also their drivers couldn’t even do
>>>> external_auth and you were stuck with WPA2 only.
>>>>
>>>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>>> I was not aware that it didn't even support it correctly. I figured
>>> broadcom was who added it in the first place.
>>>> You can use an upstream firmware from linux-firmware and make the RPi5
>>>> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
>>>> switching to the upstream firmware.
>>>>
>>>> On side note, there exists no wpa_supplicant release that really supports
>>>> SAE offload properly. You need to back port a lot of patches or hope
>>>> that your distro back ported them for you.
>>>>
>>>> We should actually check if nl80211 tells us that external_auth is
>>>> supported by the driver. And if not (which is the case for the Broadcom
>>>> upstream driver) send a proper message to users and not lead them into
>>>> a wild goose chase.
>>>>
>>>> Regards
>>>>
>>>> Marcel
>>>>
>> FWIW, the most recent update to the RPI Bookworm image has enabled
>> this capability:
>> # uname -a
>> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
>> (2024-04-22) aarch64 GNU/Linux
>>
>> # dmesg | grep brcmfmac
>> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
>> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
>> brcm/brcmfmac43455-sdio for chip BCM4345/6
>> [ 2.216566] usbcore: registered new interface driver brcmfmac
>> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>> available (err=-2)
>> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
>> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
>> 01-996384e2
>>
>> # iw list
>> Wiphy phy0
>> ...
>> Supported extended features:
>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>> * [ DFS_OFFLOAD ]: DFS offload
>> * [ SAE_OFFLOAD ]: SAE offload support
>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>
>> This was achieved here with a normal 'apt update ; apt upgrade' routine.
>>
>> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
>> with similar hardware:
>> # uname -a
>> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
>> (2024-04-22) armv7l GNU/Linux
>> # iw list
>> ...
>> Supported extended features:
>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>> * [ DFS_OFFLOAD ]: DFS offload
>> * [ SAE_OFFLOAD ]: SAE offload support
>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>
>> The PiZero2W does not show this capability with the same 64 bit image
>> running as it has different hardware with different firmware:
>> # dmesg | grep brcmfmac
>> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
>> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
>> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
>> [ 6.080782] usbcore: registered new interface driver brcmfmac
>> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>> available (err=-2)
>> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
>> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
>> 01-3b307371
>>
>> Keith
> I got around to testing this a bit tonight. I set up my Pi5 with
> hostapd and used this /etc/hostapd/hostapd.conf
>
> # cat /etc/hostapd/hostapd.conf
> # interface and driver
> interface=ap0
> driver=nl80211
>
> # WIFI-Config
> ssid=SSIDWPA3
> channel=7
> hw_mode=g
> ieee80211n=1
> wmm_enabled=1
> macaddr_acl=0
> auth_algs=1
> max_num_sta=10
>
> wpa=2
> wpa_key_mgmt=SAE
> rsn_pairwise=CCMP
> ieee80211w=2
> wpa_passphrase=password
> sae_pwe=2
>
> Form the log, it looks like SAE is enabled and ruinning, but I do not
> know what I am looking at.
> Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
> ...
> SAE: Derive PT - group 19
> SAE: SSID - hexdump_ascii(len=8):
> 53 53 49 44 57 50 41 33 SSIDWPA3
> SAE: password - hexdump_ascii(len=9): [REMOVED]
> SAE: pwd-seed - hexdump(len=32): [REMOVED]
> SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
> SAE: u1 - hexdump(len=32): [REMOVED]
> ...
>
> I can 'see' it from my other pi running iwd and on my laptop, but I
> cannot connect on either. I get nothing in the log. When I type in the
> password, I get:
>
> [iwd]# station wlan0 connect SSIDWPA3
> Type the network passphrase for SSIDWPA3 psk.
> Passphrase: *********
> Operation failed
We'll need to see some IWD logs to see whats going on. Also, can you
connect from your phone or some other device?
>
> Both Pis show that they have what Marcel noted:
>
> Supported extended features:
> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> * [ DFS_OFFLOAD ]: DFS offload
> * [ SAE_OFFLOAD ]: SAE offload support
> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>
> Is my config wrong?
>
> The version of iwd I am running is 2.17 built from git with the latest
> commit as of e3f6a2c. The version if hostapd is:
> # hostapd -v
> hostapd v2.10
> User space daemon for IEEE 802.11 AP management,
> IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-05-02 13:09 ` James Prestwood
@ 2024-05-02 13:47 ` KeithG
2024-05-02 14:07 ` James Prestwood
0 siblings, 1 reply; 13+ messages in thread
From: KeithG @ 2024-05-02 13:47 UTC (permalink / raw)
To: James Prestwood; +Cc: Marcel Holtmann, Harry ten Berge, iwd
James,
I tried to connect via my Samsung S23 phone and my desktop with an
intel card. The desktop uses iwd 2.17 and when I tried to connect via
iwctl, it did the same thing as the RPi. I suspect my hostapd config,
but do not know. I can try collecting some logs next week on the
desktop and the Pi. Which log do you need? '-d something' or an iwmon
log?
Keith
On Thu, May 2, 2024 at 8:09 AM James Prestwood <prestwoj@gmail.com> wrote:
>
> Hi Keith,
>
> On 5/2/24 5:56 AM, KeithG wrote:
> > On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
> >> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
> >>> Hi Marcel,
> >>>
> >>> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> >>>> Hi James,
> >>>>
> >>>>>> I'm not sure this is the right place to ask for some assistance, but
> >>>>>> here we go...
> >>>>>>
> >>>>>> I'm the author for a small Raspberry Pi audio image that is
> >>>>>> specifically targeting Roon.
> >>>>>> If you're not familiair with Roon: it's an audio streaming platform
> >>>>>> targeting audiophiles ;-)
> >>>>>>
> >>>>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> >>>>>> full satisfaction.
> >>>>>> Better and easier integration, and overall a feel of me being in more control.
> >>>>>>
> >>>>>> Now, recently I'm having issues with WPA3 support. This is partly
> >>>>>> related to firmware (it's just so obfuscated how this all works with
> >>>>>> firmware from broadcom and firmware from cypress :-(
> >>>>>>
> >>>>>> And one of those things is that I can't get it to work on the new Pi
> >>>>>> 5. Specifically IWD reporting this:
> >>>>>>
> >>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>>>>> Network is WPA3-Personal...
> >>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> >>>>>> CMD_EXTERNAL_AUTH for SAE
> >>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>>>>> Can't use SAE, trying WPA2
> >>>>>>
> >>>>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> >>>>>> advise me to go back to wpa_supplicant. Which is not something I would
> >>>>>> like to do for various reasons...
> >>>>>>
> >>>>>> Do you have any advice for me on what I can do? is this
> >>>>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
> >>>>>> implementing this?
> >>>>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> >>>> if the Broadcom firmware finally would be able to support external_auth,
> >>>> then it would be nice, but as seen on recent linux-wireless discussions,
> >>>> it is unclear who does what. Broadcom wanted to support external_auth,
> >>>> but then Infineon (the new owner) might be rather using SAE as part of
> >>>> the firmware. And actually the chip on the RPi5 marks itself as Cypress
> >>>> and so you it is an unclear story. I think that Raspberry Pi foundation
> >>>> should get their story straight. Until really recently they shipped a
> >>>> firmware that couldn’t do SAE and also their drivers couldn’t even do
> >>>> external_auth and you were stuck with WPA2 only.
> >>>>
> >>>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
> >>> I was not aware that it didn't even support it correctly. I figured
> >>> broadcom was who added it in the first place.
> >>>> You can use an upstream firmware from linux-firmware and make the RPi5
> >>>> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> >>>> switching to the upstream firmware.
> >>>>
> >>>> On side note, there exists no wpa_supplicant release that really supports
> >>>> SAE offload properly. You need to back port a lot of patches or hope
> >>>> that your distro back ported them for you.
> >>>>
> >>>> We should actually check if nl80211 tells us that external_auth is
> >>>> supported by the driver. And if not (which is the case for the Broadcom
> >>>> upstream driver) send a proper message to users and not lead them into
> >>>> a wild goose chase.
> >>>>
> >>>> Regards
> >>>>
> >>>> Marcel
> >>>>
> >> FWIW, the most recent update to the RPI Bookworm image has enabled
> >> this capability:
> >> # uname -a
> >> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
> >> (2024-04-22) aarch64 GNU/Linux
> >>
> >> # dmesg | grep brcmfmac
> >> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
> >> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
> >> brcm/brcmfmac43455-sdio for chip BCM4345/6
> >> [ 2.216566] usbcore: registered new interface driver brcmfmac
> >> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> >> available (err=-2)
> >> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
> >> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
> >> 01-996384e2
> >>
> >> # iw list
> >> Wiphy phy0
> >> ...
> >> Supported extended features:
> >> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> >> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> >> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> >> * [ DFS_OFFLOAD ]: DFS offload
> >> * [ SAE_OFFLOAD ]: SAE offload support
> >> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> >> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >>
> >> This was achieved here with a normal 'apt update ; apt upgrade' routine.
> >>
> >> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
> >> with similar hardware:
> >> # uname -a
> >> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
> >> (2024-04-22) armv7l GNU/Linux
> >> # iw list
> >> ...
> >> Supported extended features:
> >> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> >> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> >> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> >> * [ DFS_OFFLOAD ]: DFS offload
> >> * [ SAE_OFFLOAD ]: SAE offload support
> >> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> >> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >>
> >> The PiZero2W does not show this capability with the same 64 bit image
> >> running as it has different hardware with different firmware:
> >> # dmesg | grep brcmfmac
> >> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
> >> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
> >> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
> >> [ 6.080782] usbcore: registered new interface driver brcmfmac
> >> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> >> available (err=-2)
> >> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
> >> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
> >> 01-3b307371
> >>
> >> Keith
> > I got around to testing this a bit tonight. I set up my Pi5 with
> > hostapd and used this /etc/hostapd/hostapd.conf
> >
> > # cat /etc/hostapd/hostapd.conf
> > # interface and driver
> > interface=ap0
> > driver=nl80211
> >
> > # WIFI-Config
> > ssid=SSIDWPA3
> > channel=7
> > hw_mode=g
> > ieee80211n=1
> > wmm_enabled=1
> > macaddr_acl=0
> > auth_algs=1
> > max_num_sta=10
> >
> > wpa=2
> > wpa_key_mgmt=SAE
> > rsn_pairwise=CCMP
> > ieee80211w=2
> > wpa_passphrase=password
> > sae_pwe=2
> >
> > Form the log, it looks like SAE is enabled and ruinning, but I do not
> > know what I am looking at.
> > Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
> > ...
> > SAE: Derive PT - group 19
> > SAE: SSID - hexdump_ascii(len=8):
> > 53 53 49 44 57 50 41 33 SSIDWPA3
> > SAE: password - hexdump_ascii(len=9): [REMOVED]
> > SAE: pwd-seed - hexdump(len=32): [REMOVED]
> > SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
> > SAE: u1 - hexdump(len=32): [REMOVED]
> > ...
> >
> > I can 'see' it from my other pi running iwd and on my laptop, but I
> > cannot connect on either. I get nothing in the log. When I type in the
> > password, I get:
> >
> > [iwd]# station wlan0 connect SSIDWPA3
> > Type the network passphrase for SSIDWPA3 psk.
> > Passphrase: *********
> > Operation failed
>
> We'll need to see some IWD logs to see whats going on. Also, can you
> connect from your phone or some other device?
>
> >
> > Both Pis show that they have what Marcel noted:
> >
> > Supported extended features:
> > * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> > * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> > * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> > * [ DFS_OFFLOAD ]: DFS offload
> > * [ SAE_OFFLOAD ]: SAE offload support
> > * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> > * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >
> > Is my config wrong?
> >
> > The version of iwd I am running is 2.17 built from git with the latest
> > commit as of e3f6a2c. The version if hostapd is:
> > # hostapd -v
> > hostapd v2.10
> > User space daemon for IEEE 802.11 AP management,
> > IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-05-02 13:47 ` KeithG
@ 2024-05-02 14:07 ` James Prestwood
2024-05-07 2:33 ` KeithG
0 siblings, 1 reply; 13+ messages in thread
From: James Prestwood @ 2024-05-02 14:07 UTC (permalink / raw)
To: KeithG; +Cc: Marcel Holtmann, Harry ten Berge, iwd
Hi Keith,
On 5/2/24 6:47 AM, KeithG wrote:
> James,
>
> I tried to connect via my Samsung S23 phone and my desktop with an
> intel card. The desktop uses iwd 2.17 and when I tried to connect via
> iwctl, it did the same thing as the RPi. I suspect my hostapd config,
> but do not know. I can try collecting some logs next week on the
> desktop and the Pi. Which log do you need? '-d something' or an iwmon
> log?
Yeah just a -d IWD log. If you want to capture with iwmon that
definitely can't hurt. For reference, this is the config we use for one
of our SAE autotests:
https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/autotests/testSAE/ssidSAE.conf
>
> Keith
>
> On Thu, May 2, 2024 at 8:09 AM James Prestwood <prestwoj@gmail.com> wrote:
>> Hi Keith,
>>
>> On 5/2/24 5:56 AM, KeithG wrote:
>>> On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
>>>> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
>>>>> Hi Marcel,
>>>>>
>>>>> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
>>>>>> Hi James,
>>>>>>
>>>>>>>> I'm not sure this is the right place to ask for some assistance, but
>>>>>>>> here we go...
>>>>>>>>
>>>>>>>> I'm the author for a small Raspberry Pi audio image that is
>>>>>>>> specifically targeting Roon.
>>>>>>>> If you're not familiair with Roon: it's an audio streaming platform
>>>>>>>> targeting audiophiles ;-)
>>>>>>>>
>>>>>>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
>>>>>>>> full satisfaction.
>>>>>>>> Better and easier integration, and overall a feel of me being in more control.
>>>>>>>>
>>>>>>>> Now, recently I'm having issues with WPA3 support. This is partly
>>>>>>>> related to firmware (it's just so obfuscated how this all works with
>>>>>>>> firmware from broadcom and firmware from cypress :-(
>>>>>>>>
>>>>>>>> And one of those things is that I can't get it to work on the new Pi
>>>>>>>> 5. Specifically IWD reporting this:
>>>>>>>>
>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>>>> Network is WPA3-Personal...
>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
>>>>>>>> CMD_EXTERNAL_AUTH for SAE
>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>>>> Can't use SAE, trying WPA2
>>>>>>>>
>>>>>>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
>>>>>>>> advise me to go back to wpa_supplicant. Which is not something I would
>>>>>>>> like to do for various reasons...
>>>>>>>>
>>>>>>>> Do you have any advice for me on what I can do? is this
>>>>>>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
>>>>>>>> implementing this?
>>>>>>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
>>>>>> if the Broadcom firmware finally would be able to support external_auth,
>>>>>> then it would be nice, but as seen on recent linux-wireless discussions,
>>>>>> it is unclear who does what. Broadcom wanted to support external_auth,
>>>>>> but then Infineon (the new owner) might be rather using SAE as part of
>>>>>> the firmware. And actually the chip on the RPi5 marks itself as Cypress
>>>>>> and so you it is an unclear story. I think that Raspberry Pi foundation
>>>>>> should get their story straight. Until really recently they shipped a
>>>>>> firmware that couldn’t do SAE and also their drivers couldn’t even do
>>>>>> external_auth and you were stuck with WPA2 only.
>>>>>>
>>>>>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>>>>> I was not aware that it didn't even support it correctly. I figured
>>>>> broadcom was who added it in the first place.
>>>>>> You can use an upstream firmware from linux-firmware and make the RPi5
>>>>>> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
>>>>>> switching to the upstream firmware.
>>>>>>
>>>>>> On side note, there exists no wpa_supplicant release that really supports
>>>>>> SAE offload properly. You need to back port a lot of patches or hope
>>>>>> that your distro back ported them for you.
>>>>>>
>>>>>> We should actually check if nl80211 tells us that external_auth is
>>>>>> supported by the driver. And if not (which is the case for the Broadcom
>>>>>> upstream driver) send a proper message to users and not lead them into
>>>>>> a wild goose chase.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Marcel
>>>>>>
>>>> FWIW, the most recent update to the RPI Bookworm image has enabled
>>>> this capability:
>>>> # uname -a
>>>> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
>>>> (2024-04-22) aarch64 GNU/Linux
>>>>
>>>> # dmesg | grep brcmfmac
>>>> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
>>>> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
>>>> brcm/brcmfmac43455-sdio for chip BCM4345/6
>>>> [ 2.216566] usbcore: registered new interface driver brcmfmac
>>>> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>>>> available (err=-2)
>>>> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
>>>> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
>>>> 01-996384e2
>>>>
>>>> # iw list
>>>> Wiphy phy0
>>>> ...
>>>> Supported extended features:
>>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>>> * [ DFS_OFFLOAD ]: DFS offload
>>>> * [ SAE_OFFLOAD ]: SAE offload support
>>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>>
>>>> This was achieved here with a normal 'apt update ; apt upgrade' routine.
>>>>
>>>> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
>>>> with similar hardware:
>>>> # uname -a
>>>> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
>>>> (2024-04-22) armv7l GNU/Linux
>>>> # iw list
>>>> ...
>>>> Supported extended features:
>>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>>> * [ DFS_OFFLOAD ]: DFS offload
>>>> * [ SAE_OFFLOAD ]: SAE offload support
>>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>>
>>>> The PiZero2W does not show this capability with the same 64 bit image
>>>> running as it has different hardware with different firmware:
>>>> # dmesg | grep brcmfmac
>>>> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
>>>> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
>>>> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
>>>> [ 6.080782] usbcore: registered new interface driver brcmfmac
>>>> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>>>> available (err=-2)
>>>> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
>>>> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
>>>> 01-3b307371
>>>>
>>>> Keith
>>> I got around to testing this a bit tonight. I set up my Pi5 with
>>> hostapd and used this /etc/hostapd/hostapd.conf
>>>
>>> # cat /etc/hostapd/hostapd.conf
>>> # interface and driver
>>> interface=ap0
>>> driver=nl80211
>>>
>>> # WIFI-Config
>>> ssid=SSIDWPA3
>>> channel=7
>>> hw_mode=g
>>> ieee80211n=1
>>> wmm_enabled=1
>>> macaddr_acl=0
>>> auth_algs=1
>>> max_num_sta=10
>>>
>>> wpa=2
>>> wpa_key_mgmt=SAE
>>> rsn_pairwise=CCMP
>>> ieee80211w=2
>>> wpa_passphrase=password
>>> sae_pwe=2
>>>
>>> Form the log, it looks like SAE is enabled and ruinning, but I do not
>>> know what I am looking at.
>>> Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
>>> ...
>>> SAE: Derive PT - group 19
>>> SAE: SSID - hexdump_ascii(len=8):
>>> 53 53 49 44 57 50 41 33 SSIDWPA3
>>> SAE: password - hexdump_ascii(len=9): [REMOVED]
>>> SAE: pwd-seed - hexdump(len=32): [REMOVED]
>>> SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
>>> SAE: u1 - hexdump(len=32): [REMOVED]
>>> ...
>>>
>>> I can 'see' it from my other pi running iwd and on my laptop, but I
>>> cannot connect on either. I get nothing in the log. When I type in the
>>> password, I get:
>>>
>>> [iwd]# station wlan0 connect SSIDWPA3
>>> Type the network passphrase for SSIDWPA3 psk.
>>> Passphrase: *********
>>> Operation failed
>> We'll need to see some IWD logs to see whats going on. Also, can you
>> connect from your phone or some other device?
>>
>>> Both Pis show that they have what Marcel noted:
>>>
>>> Supported extended features:
>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>> * [ DFS_OFFLOAD ]: DFS offload
>>> * [ SAE_OFFLOAD ]: SAE offload support
>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>
>>> Is my config wrong?
>>>
>>> The version of iwd I am running is 2.17 built from git with the latest
>>> commit as of e3f6a2c. The version if hostapd is:
>>> # hostapd -v
>>> hostapd v2.10
>>> User space daemon for IEEE 802.11 AP management,
>>> IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-05-02 14:07 ` James Prestwood
@ 2024-05-07 2:33 ` KeithG
2024-05-07 11:55 ` James Prestwood
0 siblings, 1 reply; 13+ messages in thread
From: KeithG @ 2024-05-07 2:33 UTC (permalink / raw)
To: James Prestwood; +Cc: Marcel Holtmann, Harry ten Berge, iwd
[-- Attachment #1: Type: text/plain, Size: 11433 bytes --]
On Thu, May 2, 2024 at 9:07 AM James Prestwood <prestwoj@gmail.com> wrote:
>
> Hi Keith,
>
> On 5/2/24 6:47 AM, KeithG wrote:
> > James,
> >
> > I tried to connect via my Samsung S23 phone and my desktop with an
> > intel card. The desktop uses iwd 2.17 and when I tried to connect via
> > iwctl, it did the same thing as the RPi. I suspect my hostapd config,
> > but do not know. I can try collecting some logs next week on the
> > desktop and the Pi. Which log do you need? '-d something' or an iwmon
> > log?
>
> Yeah just a -d IWD log. If you want to capture with iwmon that
> definitely can't hurt. For reference, this is the config we use for one
> of our SAE autotests:
>
> https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/autotests/testSAE/ssidSAE.conf
>
> >
> > Keith
> >
> > On Thu, May 2, 2024 at 8:09 AM James Prestwood <prestwoj@gmail.com> wrote:
> >> Hi Keith,
> >>
> >> On 5/2/24 5:56 AM, KeithG wrote:
> >>> On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
> >>>> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
> >>>>> Hi Marcel,
> >>>>>
> >>>>> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
> >>>>>> Hi James,
> >>>>>>
> >>>>>>>> I'm not sure this is the right place to ask for some assistance, but
> >>>>>>>> here we go...
> >>>>>>>>
> >>>>>>>> I'm the author for a small Raspberry Pi audio image that is
> >>>>>>>> specifically targeting Roon.
> >>>>>>>> If you're not familiair with Roon: it's an audio streaming platform
> >>>>>>>> targeting audiophiles ;-)
> >>>>>>>>
> >>>>>>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
> >>>>>>>> full satisfaction.
> >>>>>>>> Better and easier integration, and overall a feel of me being in more control.
> >>>>>>>>
> >>>>>>>> Now, recently I'm having issues with WPA3 support. This is partly
> >>>>>>>> related to firmware (it's just so obfuscated how this all works with
> >>>>>>>> firmware from broadcom and firmware from cypress :-(
> >>>>>>>>
> >>>>>>>> And one of those things is that I can't get it to work on the new Pi
> >>>>>>>> 5. Specifically IWD reporting this:
> >>>>>>>>
> >>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>>>>>>> Network is WPA3-Personal...
> >>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
> >>>>>>>> CMD_EXTERNAL_AUTH for SAE
> >>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
> >>>>>>>> Can't use SAE, trying WPA2
> >>>>>>>>
> >>>>>>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
> >>>>>>>> advise me to go back to wpa_supplicant. Which is not something I would
> >>>>>>>> like to do for various reasons...
> >>>>>>>>
> >>>>>>>> Do you have any advice for me on what I can do? is this
> >>>>>>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
> >>>>>>>> implementing this?
> >>>>>>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
> >>>>>> if the Broadcom firmware finally would be able to support external_auth,
> >>>>>> then it would be nice, but as seen on recent linux-wireless discussions,
> >>>>>> it is unclear who does what. Broadcom wanted to support external_auth,
> >>>>>> but then Infineon (the new owner) might be rather using SAE as part of
> >>>>>> the firmware. And actually the chip on the RPi5 marks itself as Cypress
> >>>>>> and so you it is an unclear story. I think that Raspberry Pi foundation
> >>>>>> should get their story straight. Until really recently they shipped a
> >>>>>> firmware that couldn’t do SAE and also their drivers couldn’t even do
> >>>>>> external_auth and you were stuck with WPA2 only.
> >>>>>>
> >>>>>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
> >>>>> I was not aware that it didn't even support it correctly. I figured
> >>>>> broadcom was who added it in the first place.
> >>>>>> You can use an upstream firmware from linux-firmware and make the RPi5
> >>>>>> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
> >>>>>> switching to the upstream firmware.
> >>>>>>
> >>>>>> On side note, there exists no wpa_supplicant release that really supports
> >>>>>> SAE offload properly. You need to back port a lot of patches or hope
> >>>>>> that your distro back ported them for you.
> >>>>>>
> >>>>>> We should actually check if nl80211 tells us that external_auth is
> >>>>>> supported by the driver. And if not (which is the case for the Broadcom
> >>>>>> upstream driver) send a proper message to users and not lead them into
> >>>>>> a wild goose chase.
> >>>>>>
> >>>>>> Regards
> >>>>>>
> >>>>>> Marcel
> >>>>>>
> >>>> FWIW, the most recent update to the RPI Bookworm image has enabled
> >>>> this capability:
> >>>> # uname -a
> >>>> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
> >>>> (2024-04-22) aarch64 GNU/Linux
> >>>>
> >>>> # dmesg | grep brcmfmac
> >>>> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
> >>>> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
> >>>> brcm/brcmfmac43455-sdio for chip BCM4345/6
> >>>> [ 2.216566] usbcore: registered new interface driver brcmfmac
> >>>> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> >>>> available (err=-2)
> >>>> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
> >>>> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
> >>>> 01-996384e2
> >>>>
> >>>> # iw list
> >>>> Wiphy phy0
> >>>> ...
> >>>> Supported extended features:
> >>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> >>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> >>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> >>>> * [ DFS_OFFLOAD ]: DFS offload
> >>>> * [ SAE_OFFLOAD ]: SAE offload support
> >>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> >>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >>>>
> >>>> This was achieved here with a normal 'apt update ; apt upgrade' routine.
> >>>>
> >>>> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
> >>>> with similar hardware:
> >>>> # uname -a
> >>>> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
> >>>> (2024-04-22) armv7l GNU/Linux
> >>>> # iw list
> >>>> ...
> >>>> Supported extended features:
> >>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> >>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> >>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> >>>> * [ DFS_OFFLOAD ]: DFS offload
> >>>> * [ SAE_OFFLOAD ]: SAE offload support
> >>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> >>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >>>>
> >>>> The PiZero2W does not show this capability with the same 64 bit image
> >>>> running as it has different hardware with different firmware:
> >>>> # dmesg | grep brcmfmac
> >>>> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
> >>>> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
> >>>> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
> >>>> [ 6.080782] usbcore: registered new interface driver brcmfmac
> >>>> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
> >>>> available (err=-2)
> >>>> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
> >>>> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
> >>>> 01-3b307371
> >>>>
> >>>> Keith
> >>> I got around to testing this a bit tonight. I set up my Pi5 with
> >>> hostapd and used this /etc/hostapd/hostapd.conf
> >>>
> >>> # cat /etc/hostapd/hostapd.conf
> >>> # interface and driver
> >>> interface=ap0
> >>> driver=nl80211
> >>>
> >>> # WIFI-Config
> >>> ssid=SSIDWPA3
> >>> channel=7
> >>> hw_mode=g
> >>> ieee80211n=1
> >>> wmm_enabled=1
> >>> macaddr_acl=0
> >>> auth_algs=1
> >>> max_num_sta=10
> >>>
> >>> wpa=2
> >>> wpa_key_mgmt=SAE
> >>> rsn_pairwise=CCMP
> >>> ieee80211w=2
> >>> wpa_passphrase=password
> >>> sae_pwe=2
> >>>
> >>> Form the log, it looks like SAE is enabled and ruinning, but I do not
> >>> know what I am looking at.
> >>> Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
> >>> ...
> >>> SAE: Derive PT - group 19
> >>> SAE: SSID - hexdump_ascii(len=8):
> >>> 53 53 49 44 57 50 41 33 SSIDWPA3
> >>> SAE: password - hexdump_ascii(len=9): [REMOVED]
> >>> SAE: pwd-seed - hexdump(len=32): [REMOVED]
> >>> SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
> >>> SAE: u1 - hexdump(len=32): [REMOVED]
> >>> ...
> >>>
> >>> I can 'see' it from my other pi running iwd and on my laptop, but I
> >>> cannot connect on either. I get nothing in the log. When I type in the
> >>> password, I get:
> >>>
> >>> [iwd]# station wlan0 connect SSIDWPA3
> >>> Type the network passphrase for SSIDWPA3 psk.
> >>> Passphrase: *********
> >>> Operation failed
> >> We'll need to see some IWD logs to see whats going on. Also, can you
> >> connect from your phone or some other device?
> >>
> >>> Both Pis show that they have what Marcel noted:
> >>>
> >>> Supported extended features:
> >>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
> >>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
> >>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
> >>> * [ DFS_OFFLOAD ]: DFS offload
> >>> * [ SAE_OFFLOAD ]: SAE offload support
> >>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
> >>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
> >>>
> >>> Is my config wrong?
> >>>
> >>> The version of iwd I am running is 2.17 built from git with the latest
> >>> commit as of e3f6a2c. The version if hostapd is:
> >>> # hostapd -v
> >>> hostapd v2.10
> >>> User space daemon for IEEE 802.11 AP management,
> >>> IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
James,
I tried this again. a Pi5 running your SAE hostapd.conf and a Pi3b+
running iwd -d. I get teh same thing on the cli when I try to connect
and put in the password: "Operation Failed'
The hostapd config on the Pi5 is:
# cat /etc/hostapd/hostapd.conf
# interface and driver
interface=ap0
driver=nl80211
# WIFI-Config
ssid=ssidSAE
channel=1
hw_mode=g
wpa=2
wpa_key_mgmt=SAE
wpa_pairwise=CCMP
sae_password=secret123
sae_groups=19
ieee80211w=2
sae_pwe=0
The iwd log from the Pi3b+ is attached.
Keith
[-- Attachment #2: SAE_LOG.txt --]
[-- Type: text/plain, Size: 60211 bytes --]
May 06 21:26:36 rpi64 iwd[1715864]: Terminate
May 06 21:26:36 rpi64 iwd[1715864]: src/agent.c:release_agent() send Release to :1.63135 /net/connman/iwd_agent
May 06 21:26:36 rpi64 iwd[1715864]: src/agent.c:agent_free() agent free 0x55810cdaf0
May 06 21:26:36 rpi64 iwd[1715864]: src/netdev.c:netdev_free() Freeing netdev wlan0[3]
May 06 21:26:36 rpi64 iwd[1715864]: src/device.c:device_free()
May 06 21:26:36 rpi64 iwd[1715864]: src/station.c:station_free()
May 06 21:26:36 rpi64 iwd[1715864]: src/netconfig.c:netconfig_destroy()
May 06 21:26:36 rpi64 iwd[1715864]: src/station.c:station_roam_state_clear() 3
May 06 21:26:36 rpi64 iwd[1715864]: Removing scan context for wdev 1
May 06 21:26:36 rpi64 iwd[1715864]: src/scan.c:scan_context_free() sc: 0x55810c15e0
May 06 21:26:36 rpi64 systemd[1]: Stopping iwd.service - Wireless service...
May 06 21:26:37 rpi64 iwd[1715864]: src/agent.c:agent_unregister() agent unregister
May 06 21:26:37 rpi64 iwd[1715864]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:26:37 rpi64 iwd[1715864]: src/module.c:iwd_modules_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap.c:__eap_method_disable()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-wsc.c:eap_wsc_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-md5.c:eap_md5_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-tls.c:eap_tls_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-ttls.c:eap_ttls_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-mschapv2.c:eap_mschapv2_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-sim.c:eap_sim_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-aka.c:eap_aka_prime_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-aka.c:eap_aka_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-peap.c:eap_peap_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-gtc.c:eap_gtc_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/eap-pwd.c:eap_pwd_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/udev.c:udev_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/dpp.c:dpp_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/offchannel.c:offchannel_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/wsc.c:wsc_exit()
May 06 21:26:37 rpi64 iwd[1715864]: src/wiphy.c:wiphy_free() Freeing wiphy phy0[0]
May 06 21:26:37 rpi64 iwd[1715864]: D-Bus disconnected, quitting...
May 06 21:26:37 rpi64 systemd[1]: iwd.service: Deactivated successfully.
May 06 21:26:37 rpi64 systemd[1]: Stopped iwd.service - Wireless service.
May 06 21:26:37 rpi64 systemd[1]: Starting iwd.service - Wireless service...
May 06 21:26:37 rpi64 iwd[1721587]: Wireless daemon version 2.17
May 06 21:26:37 rpi64 iwd[1721587]: src/main.c:main() Using configuration directory /etc/iwd
May 06 21:26:37 rpi64 iwd[1721587]: Loaded configuration from /etc/iwd/main.conf
May 06 21:26:37 rpi64 iwd[1721587]: src/storage.c:storage_create_dirs() Using state directory /var/lib/iwd
May 06 21:26:37 rpi64 systemd[1]: Started iwd.service - Wireless service.
May 06 21:26:37 rpi64 iwd[1721587]: src/main.c:nl80211_appeared() Found nl80211 interface
May 06 21:26:37 rpi64 iwd[1721587]: src/module.c:iwd_modules_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/wsc.c:wsc_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/udev.c:udev_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap.c:__eap_method_enable()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-wsc.c:eap_wsc_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-md5.c:eap_md5_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-tls.c:eap_tls_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-ttls.c:eap_ttls_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-mschapv2.c:eap_mschapv2_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-sim.c:eap_sim_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-aka.c:eap_aka_prime_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-aka.c:eap_aka_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-peap.c:eap_peap_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-gtc.c:eap_gtc_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/eap-pwd.c:eap_pwd_init()
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_wiphy_dump_callback() New wiphy phy0 added (0)
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_wiphy_dump_done()
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_filtered_wiphy_dump_done()
May 06 21:26:37 rpi64 iwd[1721587]: Wiphy: 0, Name: phy0
May 06 21:26:37 rpi64 iwd[1721587]: Permanent Address: b8:27:eb:a4:6e:0f
May 06 21:26:37 rpi64 iwd[1721587]: 2.4GHz Band:
May 06 21:26:37 rpi64 iwd[1721587]: Bitrates (non-HT):
May 06 21:26:37 rpi64 iwd[1721587]: 1.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 2.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 5.5 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 11.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 6.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 9.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 12.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 18.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 24.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 36.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 48.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 54.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: HT Capabilities:
May 06 21:26:37 rpi64 iwd[1721587]: HT40
May 06 21:26:37 rpi64 iwd[1721587]: Short GI for 20Mhz
May 06 21:26:37 rpi64 iwd[1721587]: HT RX MCS indexes:
May 06 21:26:37 rpi64 iwd[1721587]: 0-7
May 06 21:26:37 rpi64 iwd[1721587]: 5GHz Band:
May 06 21:26:37 rpi64 iwd[1721587]: Bitrates (non-HT):
May 06 21:26:37 rpi64 iwd[1721587]: 6.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 9.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 12.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 18.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 24.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 36.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 48.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: 54.0 Mbps
May 06 21:26:37 rpi64 iwd[1721587]: HT Capabilities:
May 06 21:26:37 rpi64 iwd[1721587]: HT40
May 06 21:26:37 rpi64 iwd[1721587]: Short GI for 20Mhz
May 06 21:26:37 rpi64 iwd[1721587]: Short GI for 40Mhz
May 06 21:26:37 rpi64 iwd[1721587]: HT RX MCS indexes:
May 06 21:26:37 rpi64 iwd[1721587]: 0-7
May 06 21:26:37 rpi64 iwd[1721587]: VHT Capabilities:
May 06 21:26:37 rpi64 iwd[1721587]: Short GI for 80Mhz
May 06 21:26:37 rpi64 iwd[1721587]: Max RX MCS: 0-9 for NSS: 1
May 06 21:26:37 rpi64 iwd[1721587]: Max TX MCS: 0-9 for NSS: 1
May 06 21:26:37 rpi64 iwd[1721587]: Ciphers: BIP-CMAC-128 CCMP-128 TKIP
May 06 21:26:37 rpi64 iwd[1721587]: Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
May 06 21:26:37 rpi64 iwd[1721587]: Driver Flags: DefaultInterface
May 06 21:26:37 rpi64 iwd[1721587]: Wiphy phy0 will only use the default interface
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_interface_dump_callback()
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_get_interface_cb()
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_interface_dump_done()
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_use_default()
May 06 21:26:37 rpi64 iwd[1721587]: src/netdev.c:netdev_create_from_genl() Created interface wlan0[3 1]
May 06 21:26:37 rpi64 iwd[1721587]: src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for phy0 is 99
May 06 21:26:37 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:26:37 rpi64 iwd[1721587]: src/netdev.c:netdev_set_4addr() netdev: 3 use_4addr: 0
May 06 21:26:37 rpi64 iwd[1721587]: src/netdev.c:netdev_initial_up_cb() Interface 3 initialized
May 06 21:26:37 rpi64 iwd[1721587]: src/netconfig.c:netconfig_new() Creating netconfig for interface: 3
May 06 21:26:37 rpi64 iwd[1721587]: event: state, old: disconnected, new: autoconnect_quick
May 06 21:26:37 rpi64 iwd[1721587]: src/scan.c:scan_periodic_start() Starting periodic scan for wdev 1
May 06 21:26:37 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 1
May 06 21:26:37 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 1
May 06 21:26:37 rpi64 iwd[1721587]: src/rrm.c:rrm_add_frame_watches()
May 06 21:26:37 rpi64 iwd[1721587]: src/agent.c:agent_register() agent register called
May 06 21:26:37 rpi64 iwd[1721587]: src/agent.c:agent_register() agent :1.63135 path /net/connman/iwd_agent
May 06 21:26:37 rpi64 iwd[1721587]: src/manager.c:manager_config_notify() Notification of command Set Interface(6)
May 06 21:26:37 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification Trigger Scan(33)
May 06 21:26:37 rpi64 iwd[1721587]: src/scan.c:scan_request_triggered() Active scan triggered for wdev 1
May 06 21:26:37 rpi64 iwd[1721587]: src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification New Scan Results(34)
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_periodic_rearm() Arming periodic scan timer: 10
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:18' with SSID: spg4, freq: 5200, rank: 3546, strength: -4400, data_rate: 433.3
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "spg4" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:1c' with SSID: spg4, freq: 5500, rank: 2660, strength: -5400, data_rate: 325.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '86:bb:69:e3:2c:c3' with SSID: ATT3zFM5gH, freq: 5785, rank: 1596, strength: -6100, data_rate: 195.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATT3zFM5gH" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '06:9c:27:25:d2:73' with SSID: ATTcVY9ZWa, freq: 5785, rank: 1596, strength: -6300, data_rate: 195.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATTcVY9ZWa" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:14' with SSID: spg4, freq: 2452, rank: 591, strength: -4000, data_rate: 72.2
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:70' with SSID: ATTcVY9ZWa, freq: 2432, rank: 591, strength: -5900, data_rate: 72.2
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '84:bb:69:e3:2c:c0' with SSID: ATT3zFM5gH, freq: 2412, rank: 394, strength: -6600, data_rate: 57.8
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'cc:ab:2c:dd:db:94' with SSID: ATTZSD3VS2, freq: 2457, rank: 354, strength: -6800, data_rate: 43.3
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATTZSD3VS2" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'fa:8f:ca:61:7e:9c' with SSID: , freq: 2432, rank: 295, strength: -6800, data_rate: 43.3
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:44' with SSID: 2WIRE811, freq: 2422, rank: 236, strength: -7200, data_rate: 28.9
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "2WIRE811" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d7' with SSID: SuperFastW, freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "SuperFastW" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:9f:80:16:5e:d7' with SSID: , freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'd8:3a:dd:22:54:24' with SSID: ssidSAE, freq: 2412, rank: 197, strength: -7200, data_rate: 28.9
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ssidSAE" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:48' with SSID: 2WIRE811, freq: 5180, rank: 122, strength: -7800, data_rate: 15.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d9' with SSID: SuperFastW, freq: 5785, rank: 102, strength: -7900, data_rate: 15.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'dc:8d:8a:11:9f:24' with SSID: ATTsG7Uajq, freq: 2442, rank: 90, strength: -8300, data_rate: 11.0
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATTsG7Uajq" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f0:72:ea:1c:74:2a' with SSID: Corgi Manor, freq: 2437, rank: 37, strength: -8500, data_rate: 5.5
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "Corgi Manor" security psk
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_start()
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: spg4
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '6c:4b:b4:19:7a:18' freq: 5200, rank: 3546, strength: -4400
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTcVY9ZWa
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '06:9c:27:25:d2:73' freq: 5785, rank: 1596, strength: -6300
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT3zFM5gH
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '86:bb:69:e3:2c:c3' freq: 5785, rank: 1596, strength: -6100
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTZSD3VS2
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'cc:ab:2c:dd:db:94' freq: 2457, rank: 354, strength: -6800
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: 2WIRE811
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'f8:9b:6e:2c:30:44' freq: 2422, rank: 236, strength: -7200
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ssidSAE
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'd8:3a:dd:22:54:24' freq: 2412, rank: 197, strength: -7200
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: SuperFastW
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'e8:9f:80:16:5e:d7' freq: 2427, rank: 197, strength: -7100
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTsG7Uajq
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'dc:8d:8a:11:9f:24' freq: 2442, rank: 90, strength: -8300
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: Corgi Manor
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'f0:72:ea:1c:74:2a' freq: 2437, rank: 37, strength: -8500
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 1 done
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:26:40 rpi64 iwd[1721587]: src/network.c:network_connect()
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:26:40 rpi64 iwd[1721587]: src/network.c:network_connect_psk() ask_passphrase: true
May 06 21:26:40 rpi64 iwd[1721587]: src/agent.c:agent_request_passphrase() agent 0x558e9606a0 owner :1.63135 path /net/connman/iwd_agent
May 06 21:26:40 rpi64 iwd[1721587]: src/agent.c:agent_send_next_request() send request to :1.63135 /net/connman/iwd_agent
May 06 21:26:40 rpi64 iwd[1721587]: src/agent.c:agent_receive_reply() agent 0x558e9606a0 request id 26
May 06 21:26:40 rpi64 iwd[1721587]: src/network.c:passphrase_callback() result 0
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:26:40 rpi64 iwd[1721587]: src/network.c:network_generate_sae_pt() Generating PT for Group 19
May 06 21:26:40 rpi64 iwd[1721587]: src/network.c:network_generate_sae_pt() Generating PT for Group 20
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_cqm_rssi_update()
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 2
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 2
May 06 21:26:40 rpi64 iwd[1721587]: event: connect-info, ssid: ssidSAE, bss: d8:3a:dd:22:54:24, signal: -72, load: 127/255
May 06 21:26:40 rpi64 iwd[1721587]: event: state, old: autoconnect_full, new: connecting
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_periodic_stop() Stopping periodic scan for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: CMD_SET_CQM failed: Operation not supported
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_netdev_event() Associating
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event()
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event() aborting and ignore_connect_event not set, proceed
May 06 21:26:40 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event() expect_connect_failure not set, proceed
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 2 done
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_connect_cb() 3, result: 2
May 06 21:26:40 rpi64 iwd[1721587]: event: connect-failed, status: 16
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_reset_connection_state() 3
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_roam_state_clear() 3
May 06 21:26:40 rpi64 iwd[1721587]: event: state, old: connecting, new: disconnected
May 06 21:26:40 rpi64 iwd[1721587]: event: state, old: disconnected, new: autoconnect_quick
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_periodic_start() Starting periodic scan for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 3
May 06 21:26:40 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 3
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification Trigger Scan(33)
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_request_triggered() Active scan triggered for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/station.c:station_dbus_disconnect()
May 06 21:26:40 rpi64 iwd[1721587]: event: state, old: autoconnect_full, new: disconnected
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_periodic_stop() Stopping periodic scan for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_cancel() Trying to cancel scan id 3 for wdev 1
May 06 21:26:40 rpi64 iwd[1721587]: src/scan.c:scan_cancel() Scan has been triggered, wait for it to complete
May 06 21:26:43 rpi64 iwd[1721587]: src/agent.c:agent_register() agent register called
May 06 21:26:43 rpi64 iwd[1721587]: src/agent.c:agent_register() agent :1.63293 path /agent/1721633
May 06 21:26:43 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification New Scan Results(34)
May 06 21:26:43 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 3 done
May 06 21:26:43 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:26:51 rpi64 iwd[1721587]: src/station.c:station_dbus_scan() Scan called from DBus
May 06 21:26:51 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 4
May 06 21:26:51 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 4
May 06 21:26:51 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification Trigger Scan(33)
May 06 21:26:51 rpi64 iwd[1721587]: src/scan.c:scan_request_triggered() Active scan triggered for wdev 1
May 06 21:26:51 rpi64 iwd[1721587]: src/station.c:station_dbus_scan_triggered() station_scan_triggered: 0
May 06 21:26:51 rpi64 iwd[1721587]: src/station.c:station_dbus_scan_triggered() Scan triggered for wlan0 subset 0
May 06 21:26:54 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification New Scan Results(34)
May 06 21:26:54 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:18' with SSID: spg4, freq: 5200, rank: 2955, strength: -4400, data_rate: 433.3
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:1c' with SSID: spg4, freq: 5500, rank: 2660, strength: -5400, data_rate: 325.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '0c:08:b4:26:c7:56' with SSID: DIRECTV_WVB_6E9D96DF, freq: 5500, rank: 2394, strength: -5900, data_rate: 292.5
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "DIRECTV_WVB_6E9D96DF" security psk
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '86:bb:69:e3:2c:c3' with SSID: ATT3zFM5gH, freq: 5785, rank: 2128, strength: -6000, data_rate: 260.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '06:9c:27:25:d2:73' with SSID: ATTcVY9ZWa, freq: 5785, rank: 1596, strength: -6300, data_rate: 195.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:70' with SSID: ATTcVY9ZWa, freq: 2432, rank: 591, strength: -5800, data_rate: 72.2
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:14' with SSID: spg4, freq: 2452, rank: 492, strength: -3900, data_rate: 72.2
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'fa:8f:ca:61:7e:9c' with SSID: , freq: 2432, rank: 394, strength: -6600, data_rate: 57.8
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'd8:3a:dd:22:54:24' with SSID: ssidSAE, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '84:bb:69:e3:2c:c0' with SSID: ATT3zFM5gH, freq: 2412, rank: 295, strength: -6800, data_rate: 43.3
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d7' with SSID: SuperFastW, freq: 2427, rank: 295, strength: -7000, data_rate: 43.3
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'cc:ab:2c:dd:db:94' with SSID: ATTZSD3VS2, freq: 2457, rank: 236, strength: -7200, data_rate: 28.9
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d8' with SSID: SuperFastW, freq: 5180, rank: 221, strength: -7400, data_rate: 32.5
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:44' with SSID: 2WIRE811, freq: 2422, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d9' with SSID: SuperFastW, freq: 5785, rank: 102, strength: -7700, data_rate: 15.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '2e:3b:f3:3e:10:cd' with SSID: , freq: 2417, rank: 98, strength: -7900, data_rate: 14.4
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '90:d0:92:01:7b:c4' with SSID: ATTxpqI4Ps, freq: 2447, rank: 59, strength: -8200, data_rate: 7.2
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATTxpqI4Ps" security psk
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'c2:d2:f3:e6:fb:43' with SSID: , freq: 5785, rank: 13, strength: -8600, data_rate: 2.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '4e:63:9c:f8:85:dd' with SSID: Spectrum Mobile, freq: 5220, rank: 13, strength: -8800, data_rate: 2.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "Spectrum Mobile" security 8021x
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_start_anqp() Not querying AP for ANQP data (disabled)
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:63:9c:f8:85:dd' with SSID: Fijian Lotus, freq: 5220, rank: 13, strength: -9000, data_rate: 2.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "Fijian Lotus" security psk
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:9f:80:16:5e:d7' with SSID: , freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:48' with SSID: 2WIRE811, freq: 5180, rank: 122, strength: -7800, data_rate: 15.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'dc:8d:8a:11:9f:24' with SSID: ATTsG7Uajq, freq: 2442, rank: 90, strength: -8300, data_rate: 11.0
May 06 21:26:54 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f0:72:ea:1c:74:2a' with SSID: Corgi Manor, freq: 2437, rank: 37, strength: -8500, data_rate: 5.5
May 06 21:26:54 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 4 done
May 06 21:27:07 rpi64 iwd[1721587]: src/network.c:network_connect()
May 06 21:27:07 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:07 rpi64 iwd[1721587]: src/network.c:network_connect_psk() ask_passphrase: true
May 06 21:27:07 rpi64 iwd[1721587]: src/agent.c:agent_request_passphrase() agent 0x558e96b9e0 owner :1.63293 path /agent/1721633
May 06 21:27:07 rpi64 iwd[1721587]: src/agent.c:agent_send_next_request() send request to :1.63293 /agent/1721633
May 06 21:27:11 rpi64 iwd[1721587]: src/agent.c:agent_receive_reply() agent 0x558e96b9e0 request id 58
May 06 21:27:11 rpi64 iwd[1721587]: src/network.c:passphrase_callback() result 0
May 06 21:27:11 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:11 rpi64 iwd[1721587]: src/network.c:network_generate_sae_pt() Generating PT for Group 19
May 06 21:27:11 rpi64 iwd[1721587]: src/network.c:network_generate_sae_pt() Generating PT for Group 20
May 06 21:27:11 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:11 rpi64 iwd[1721587]: src/netdev.c:netdev_cqm_rssi_update()
May 06 21:27:11 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 5
May 06 21:27:11 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 5
May 06 21:27:11 rpi64 iwd[1721587]: event: connect-info, ssid: ssidSAE, bss: d8:3a:dd:22:54:24, signal: -67, load: 127/255
May 06 21:27:11 rpi64 iwd[1721587]: event: state, old: disconnected, new: connecting
May 06 21:27:11 rpi64 iwd[1721587]: CMD_SET_CQM failed: Operation not supported
May 06 21:27:11 rpi64 iwd[1721587]: src/station.c:station_netdev_event() Associating
May 06 21:27:12 rpi64 iwd[1721587]: src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
May 06 21:27:12 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event()
May 06 21:27:12 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event() aborting and ignore_connect_event not set, proceed
May 06 21:27:12 rpi64 iwd[1721587]: src/netdev.c:netdev_connect_event() expect_connect_failure not set, proceed
May 06 21:27:12 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 5 done
May 06 21:27:12 rpi64 iwd[1721587]: src/station.c:station_connect_cb() 3, result: 2
May 06 21:27:12 rpi64 iwd[1721587]: event: connect-failed, status: 16
May 06 21:27:12 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:12 rpi64 iwd[1721587]: src/station.c:station_reset_connection_state() 3
May 06 21:27:12 rpi64 iwd[1721587]: src/station.c:station_roam_state_clear() 3
May 06 21:27:12 rpi64 iwd[1721587]: event: state, old: connecting, new: disconnected
May 06 21:27:12 rpi64 iwd[1721587]: event: state, old: disconnected, new: autoconnect_quick
May 06 21:27:12 rpi64 iwd[1721587]: src/scan.c:scan_periodic_start() Starting periodic scan for wdev 1
May 06 21:27:12 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 6
May 06 21:27:12 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 6
May 06 21:27:12 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification Trigger Scan(33)
May 06 21:27:12 rpi64 iwd[1721587]: src/scan.c:scan_request_triggered() Active scan triggered for wdev 1
May 06 21:27:12 rpi64 iwd[1721587]: src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev 1
May 06 21:27:14 rpi64 iwd[1721587]: src/agent.c:agent_disconnect() agent :1.63293 disconnected
May 06 21:27:14 rpi64 iwd[1721587]: src/agent.c:agent_free() agent free 0x558e96b9e0
May 06 21:27:14 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification New Scan Results(34)
May 06 21:27:14 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:27:14 rpi64 iwd[1721587]: src/scan.c:scan_periodic_rearm() Arming periodic scan timer: 10
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:18' with SSID: spg4, freq: 5200, rank: 3546, strength: -4300, data_rate: 433.3
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:1c' with SSID: spg4, freq: 5500, rank: 2660, strength: -5400, data_rate: 325.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '0c:08:b4:26:c7:56' with SSID: DIRECTV_WVB_6E9D96DF, freq: 5500, rank: 2394, strength: -5900, data_rate: 292.5
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '86:bb:69:e3:2c:c3' with SSID: ATT3zFM5gH, freq: 5785, rank: 1596, strength: -6100, data_rate: 195.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '06:9c:27:25:d2:73' with SSID: ATTcVY9ZWa, freq: 5785, rank: 1596, strength: -6200, data_rate: 195.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:73' with SSID: , freq: 5785, rank: 1596, strength: -6300, data_rate: 195.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:14' with SSID: spg4, freq: 2452, rank: 591, strength: -3800, data_rate: 72.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:70' with SSID: ATTcVY9ZWa, freq: 2432, rank: 591, strength: -5900, data_rate: 72.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'fa:8f:ca:61:7e:9c' with SSID: , freq: 2432, rank: 394, strength: -6600, data_rate: 57.8
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'a6:6a:44:de:13:cd' with SSID: VIZIOCastAudio3442, freq: 2462, rank: 354, strength: -6600, data_rate: 52.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "VIZIOCastAudio3442" security open
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'd8:3a:dd:22:54:24' with SSID: ssidSAE, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '84:bb:69:e3:2c:c0' with SSID: ATT3zFM5gH, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'cc:ab:2c:dd:db:94' with SSID: ATTZSD3VS2, freq: 2457, rank: 236, strength: -7200, data_rate: 28.9
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:9f:80:16:5e:d7' with SSID: , freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:44' with SSID: 2WIRE811, freq: 2422, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d7' with SSID: SuperFastW, freq: 2427, rank: 197, strength: -7200, data_rate: 28.9
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:48' with SSID: 2WIRE811, freq: 5180, rank: 122, strength: -7800, data_rate: 15.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d8' with SSID: SuperFastW, freq: 5180, rank: 102, strength: -7700, data_rate: 15.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '2e:3b:f3:3e:10:cd' with SSID: , freq: 2417, rank: 98, strength: -7900, data_rate: 14.4
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:4c' with SSID: 2WIRE811, freq: 5745, rank: 59, strength: -8000, data_rate: 7.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '90:d0:92:01:7b:c4' with SSID: ATTxpqI4Ps, freq: 2447, rank: 59, strength: -8200, data_rate: 7.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d9' with SSID: SuperFastW, freq: 5785, rank: 49, strength: -8000, data_rate: 7.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:0d:fa:34' with SSID: ATTgzky2WG, freq: 2417, rank: 49, strength: -8100, data_rate: 7.2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATTgzky2WG" security psk
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ec:a9:40:dd:8f:e0' with SSID: ATT5fbNia2, freq: 2442, rank: 37, strength: -8500, data_rate: 5.5
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATT5fbNia2" security psk
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'c2:d2:f3:5e:52:97' with SSID: , freq: 5785, rank: 13, strength: -8500, data_rate: 2.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'c2:d2:f3:e6:fb:43' with SSID: , freq: 5785, rank: 13, strength: -8600, data_rate: 2.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '4e:63:9c:f8:85:dd' with SSID: Spectrum Mobile, freq: 5220, rank: 13, strength: -8800, data_rate: 2.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_start_anqp() Not querying AP for ANQP data (disabled)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:63:9c:f8:85:dd' with SSID: Fijian Lotus, freq: 5220, rank: 13, strength: -9000, data_rate: 2.0
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:process_network() No remaining BSSs for SSID: Corgi Manor -- Removing network
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:process_network() No remaining BSSs for SSID: ATTsG7Uajq -- Removing network
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_start()
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: spg4
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '6c:4b:b4:19:7a:18' freq: 5200, rank: 3546, strength: -4300
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: DIRECTV_WVB_6E9D96DF
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '0c:08:b4:26:c7:56' freq: 5500, rank: 2394, strength: -5900
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTcVY9ZWa
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '06:9c:27:25:d2:73' freq: 5785, rank: 1596, strength: -6200
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT3zFM5gH
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '86:bb:69:e3:2c:c3' freq: 5785, rank: 1596, strength: -6100
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: VIZIOCastAudio3442
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'a6:6a:44:de:13:cd' freq: 2462, rank: 354, strength: -6600
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ssidSAE
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: No suitable BSSes found
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTZSD3VS2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'cc:ab:2c:dd:db:94' freq: 2457, rank: 236, strength: -7200
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: 2WIRE811
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'f8:9b:6e:2c:30:44' freq: 2422, rank: 197, strength: -7100
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: SuperFastW
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'e8:9f:80:16:5e:d7' freq: 2427, rank: 197, strength: -7200
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTxpqI4Ps
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '90:d0:92:01:7b:c4' freq: 2447, rank: 59, strength: -8200
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTgzky2WG
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '6c:4b:b4:0d:fa:34' freq: 2417, rank: 49, strength: -8100
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT5fbNia2
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'ec:a9:40:dd:8f:e0' freq: 2442, rank: 37, strength: -8500
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: Fijian Lotus
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'ee:63:9c:f8:85:dd' freq: 5220, rank: 13, strength: -9000
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: Spectrum Mobile
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '4e:63:9c:f8:85:dd' freq: 5220, rank: 13, strength: -8800
May 06 21:27:14 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:14 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 6 done
May 06 21:27:24 rpi64 iwd[1721587]: src/scan.c:scan_periodic_timeout() 1
May 06 21:27:24 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_insert() Inserting work item 7
May 06 21:27:24 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_next() Starting work item 7
May 06 21:27:24 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification Trigger Scan(33)
May 06 21:27:24 rpi64 iwd[1721587]: src/scan.c:scan_request_triggered() Active scan triggered for wdev 1
May 06 21:27:24 rpi64 iwd[1721587]: src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev 1
May 06 21:27:27 rpi64 iwd[1721587]: src/scan.c:scan_notify() Scan notification New Scan Results(34)
May 06 21:27:27 rpi64 iwd[1721587]: src/netdev.c:netdev_link_notify() event 16 on ifindex 3
May 06 21:27:27 rpi64 iwd[1721587]: src/scan.c:scan_periodic_rearm() Arming periodic scan timer: 20
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:18' with SSID: spg4, freq: 5200, rank: 3546, strength: -4400, data_rate: 433.3
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:1c' with SSID: spg4, freq: 5500, rank: 3192, strength: -5300, data_rate: 390.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '0c:08:b4:26:c7:56' with SSID: DIRECTV_WVB_6E9D96DF, freq: 5500, rank: 2660, strength: -5800, data_rate: 325.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '84:bb:69:e3:2c:c3' with SSID: , freq: 5785, rank: 2128, strength: -6000, data_rate: 260.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '86:bb:69:e3:2c:c3' with SSID: ATT3zFM5gH, freq: 5785, rank: 2128, strength: -6000, data_rate: 260.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '06:9c:27:25:d2:73' with SSID: ATTcVY9ZWa, freq: 5785, rank: 1596, strength: -6200, data_rate: 195.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:73' with SSID: , freq: 5785, rank: 1596, strength: -6300, data_rate: 195.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:19:7a:14' with SSID: spg4, freq: 2452, rank: 591, strength: -4100, data_rate: 72.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '18:9c:27:25:d2:70' with SSID: ATTcVY9ZWa, freq: 2432, rank: 591, strength: -5800, data_rate: 72.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ac:3a:7a:0c:83:0b' with SSID: , freq: 2462, rank: 492, strength: -5600, data_rate: 72.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '84:bb:69:e3:2c:c0' with SSID: ATT3zFM5gH, freq: 2412, rank: 492, strength: -6400, data_rate: 72.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'a6:6a:44:de:13:cd' with SSID: VIZIOCastAudio3442, freq: 2462, rank: 354, strength: -6600, data_rate: 52.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'd8:3a:dd:22:54:24' with SSID: ssidSAE, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'fa:8f:ca:61:7e:9c' with SSID: , freq: 2432, rank: 295, strength: -6700, data_rate: 43.3
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d8' with SSID: SuperFastW, freq: 5180, rank: 221, strength: -7600, data_rate: 32.5
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:9f:80:16:5e:d7' with SSID: , freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d7' with SSID: SuperFastW, freq: 2427, rank: 197, strength: -7100, data_rate: 28.9
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:48' with SSID: 2WIRE811, freq: 5180, rank: 122, strength: -7900, data_rate: 15.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '2c:ea:dc:d6:f4:aa' with SSID: SpectrumSetup-AC, freq: 2437, rank: 98, strength: -7900, data_rate: 14.4
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "SpectrumSetup-AC" security psk
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '44:a5:6e:58:c3:d5' with SSID: ATT4DwP79U, freq: 2462, rank: 75, strength: -8300, data_rate: 11.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "ATT4DwP79U" security psk
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f8:9b:6e:2c:30:4c' with SSID: 2WIRE811, freq: 5745, rank: 59, strength: -8000, data_rate: 7.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '10:c4:ca:a6:79:f4' with SSID: HiltonHead2025, freq: 2432, rank: 49, strength: -8000, data_rate: 7.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "HiltonHead2025" security psk
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '1c:3b:f3:3e:10:cd' with SSID: TPL4444, freq: 2417, rank: 49, strength: -8000, data_rate: 7.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "TPL4444" security psk
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'e8:9f:80:16:5e:d9' with SSID: SuperFastW, freq: 5785, rank: 49, strength: -8000, data_rate: 7.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '6c:4b:b4:0d:fa:34' with SSID: ATTgzky2WG, freq: 2417, rank: 49, strength: -8100, data_rate: 7.2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ec:a9:40:dd:8f:e0' with SSID: ATT5fbNia2, freq: 2442, rank: 37, strength: -8500, data_rate: 5.5
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '1a:7b:65:da:63:7a' with SSID: Spectrum Mobile, freq: 5220, rank: 16, strength: -8300, data_rate: 2.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_start_anqp() Not querying AP for ANQP data (disabled)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'f0:7b:65:da:63:7e' with SSID: CHEN, freq: 5220, rank: 16, strength: -8600, data_rate: 2.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Added new Network "CHEN" security psk
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'c2:d2:f3:5e:52:97' with SSID: , freq: 5785, rank: 13, strength: -8500, data_rate: 2.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() BSS has hidden SSID
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS '4e:63:9c:f8:85:dd' with SSID: Spectrum Mobile, freq: 5220, rank: 13, strength: -8800, data_rate: 2.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_start_anqp() Not querying AP for ANQP data (disabled)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_add_seen_bss() Processing BSS 'ee:63:9c:f8:85:dd' with SSID: Fijian Lotus, freq: 5220, rank: 13, strength: -8900, data_rate: 2.0
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:process_network() No remaining BSSs for SSID: ATTZSD3VS2 -- Removing network
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:process_network() No remaining BSSs for SSID: ATTxpqI4Ps -- Removing network
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_start()
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: spg4
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '6c:4b:b4:19:7a:18' freq: 5200, rank: 3546, strength: -4400
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: DIRECTV_WVB_6E9D96DF
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '0c:08:b4:26:c7:56' freq: 5500, rank: 2660, strength: -5800
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT3zFM5gH
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '86:bb:69:e3:2c:c3' freq: 5785, rank: 2128, strength: -6000
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTcVY9ZWa
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '06:9c:27:25:d2:73' freq: 5785, rank: 1596, strength: -6200
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: VIZIOCastAudio3442
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'a6:6a:44:de:13:cd' freq: 2462, rank: 354, strength: -6600
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/wiphy.c:wiphy_select_akm() Network is WPA3-Personal...
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ssidSAE
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: No suitable BSSes found
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: SuperFastW
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'e8:9f:80:16:5e:d8' freq: 5180, rank: 221, strength: -7600
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: 2WIRE811
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'f8:9b:6e:2c:30:48' freq: 5180, rank: 122, strength: -7900
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: SpectrumSetup-AC
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '2c:ea:dc:d6:f4:aa' freq: 2437, rank: 98, strength: -7900
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT4DwP79U
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '44:a5:6e:58:c3:d5' freq: 2462, rank: 75, strength: -8300
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: TPL4444
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '1c:3b:f3:3e:10:cd' freq: 2417, rank: 49, strength: -8000
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: HiltonHead2025
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '10:c4:ca:a6:79:f4' freq: 2432, rank: 49, strength: -8000
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATTgzky2WG
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '6c:4b:b4:0d:fa:34' freq: 2417, rank: 49, strength: -8100
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: ATT5fbNia2
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'ec:a9:40:dd:8f:e0' freq: 2442, rank: 37, strength: -8500
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: Spectrum Mobile
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: '1a:7b:65:da:63:7a' freq: 5220, rank: 16, strength: -8300
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: CHEN
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'f0:7b:65:da:63:7e' freq: 5220, rank: 16, strength: -8600
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: Trying SSID: Fijian Lotus
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: 'ee:63:9c:f8:85:dd' freq: 5220, rank: 13, strength: -8900
May 06 21:27:27 rpi64 iwd[1721587]: src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
May 06 21:27:27 rpi64 iwd[1721587]: src/wiphy.c:wiphy_radio_work_done() Work item 7 done
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Raspberry Pi 5 and WPA3
2024-05-07 2:33 ` KeithG
@ 2024-05-07 11:55 ` James Prestwood
0 siblings, 0 replies; 13+ messages in thread
From: James Prestwood @ 2024-05-07 11:55 UTC (permalink / raw)
To: KeithG; +Cc: Marcel Holtmann, Harry ten Berge, iwd
On 5/6/24 7:33 PM, KeithG wrote:
> On Thu, May 2, 2024 at 9:07 AM James Prestwood <prestwoj@gmail.com> wrote:
>> Hi Keith,
>>
>> On 5/2/24 6:47 AM, KeithG wrote:
>>> James,
>>>
>>> I tried to connect via my Samsung S23 phone and my desktop with an
>>> intel card. The desktop uses iwd 2.17 and when I tried to connect via
>>> iwctl, it did the same thing as the RPi. I suspect my hostapd config,
>>> but do not know. I can try collecting some logs next week on the
>>> desktop and the Pi. Which log do you need? '-d something' or an iwmon
>>> log?
>> Yeah just a -d IWD log. If you want to capture with iwmon that
>> definitely can't hurt. For reference, this is the config we use for one
>> of our SAE autotests:
>>
>> https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/autotests/testSAE/ssidSAE.conf
>>
>>> Keith
>>>
>>> On Thu, May 2, 2024 at 8:09 AM James Prestwood <prestwoj@gmail.com> wrote:
>>>> Hi Keith,
>>>>
>>>> On 5/2/24 5:56 AM, KeithG wrote:
>>>>> On Tue, Apr 30, 2024 at 7:19 AM KeithG <ys3al35l@gmail.com> wrote:
>>>>>> On Tue, Apr 30, 2024 at 6:24 AM James Prestwood <prestwoj@gmail.com> wrote:
>>>>>>> Hi Marcel,
>>>>>>>
>>>>>>> On 4/30/24 12:42 AM, Marcel Holtmann wrote:
>>>>>>>> Hi James,
>>>>>>>>
>>>>>>>>>> I'm not sure this is the right place to ask for some assistance, but
>>>>>>>>>> here we go...
>>>>>>>>>>
>>>>>>>>>> I'm the author for a small Raspberry Pi audio image that is
>>>>>>>>>> specifically targeting Roon.
>>>>>>>>>> If you're not familiair with Roon: it's an audio streaming platform
>>>>>>>>>> targeting audiophiles ;-)
>>>>>>>>>>
>>>>>>>>>> Anyways, about a year ago I switched from wpa_supplicant to iwd, to
>>>>>>>>>> full satisfaction.
>>>>>>>>>> Better and easier integration, and overall a feel of me being in more control.
>>>>>>>>>>
>>>>>>>>>> Now, recently I'm having issues with WPA3 support. This is partly
>>>>>>>>>> related to firmware (it's just so obfuscated how this all works with
>>>>>>>>>> firmware from broadcom and firmware from cypress :-(
>>>>>>>>>>
>>>>>>>>>> And one of those things is that I can't get it to work on the new Pi
>>>>>>>>>> 5. Specifically IWD reporting this:
>>>>>>>>>>
>>>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>>>>>> Network is WPA3-Personal...
>>>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: SAE unsupported: brcmfmac needs
>>>>>>>>>> CMD_EXTERNAL_AUTH for SAE
>>>>>>>>>> Apr 29 17:41:41 ropieee5 iwd[275]: src/wiphy.c:wiphy_select_akm()
>>>>>>>>>> Can't use SAE, trying WPA2
>>>>>>>>>>
>>>>>>>>>> Now, the Pi guys point me to the missing CMD_EXTERNAL_AUTH message and
>>>>>>>>>> advise me to go back to wpa_supplicant. Which is not something I would
>>>>>>>>>> like to do for various reasons...
>>>>>>>>>>
>>>>>>>>>> Do you have any advice for me on what I can do? is this
>>>>>>>>>> CMD_EXTERNAL_AUTH really related to this and are you planning on
>>>>>>>>>> implementing this?
>>>>>>>>> Unfortunately the external auth support is not yet implemented in IWD. The brcmfmac driver itself is rather unique being a fullmac driver. Depending on how you look at it, this on its own is "easier" to support. It handles connecting/roaming all on its own. But then, for some reason, someone didn't want to do SAE/WPA3 on the card itself so they came up with some one-off mechanism to offload that onto userspace. This is one of those things that got put upstream that is a pain for projects like IWD to support IMO. Its something we do need to support eventually, especially given the raspi 5 requires it.
>>>>>>>> if the Broadcom firmware finally would be able to support external_auth,
>>>>>>>> then it would be nice, but as seen on recent linux-wireless discussions,
>>>>>>>> it is unclear who does what. Broadcom wanted to support external_auth,
>>>>>>>> but then Infineon (the new owner) might be rather using SAE as part of
>>>>>>>> the firmware. And actually the chip on the RPi5 marks itself as Cypress
>>>>>>>> and so you it is an unclear story. I think that Raspberry Pi foundation
>>>>>>>> should get their story straight. Until really recently they shipped a
>>>>>>>> firmware that couldn’t do SAE and also their drivers couldn’t even do
>>>>>>>> external_auth and you were stuck with WPA2 only.
>>>>>>>>
>>>>>>>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>>>>>>> I was not aware that it didn't even support it correctly. I figured
>>>>>>> broadcom was who added it in the first place.
>>>>>>>> You can use an upstream firmware from linux-firmware and make the RPi5
>>>>>>>> support WPA3. And as of a few weeks ago, even RPi5 latest Debian was
>>>>>>>> switching to the upstream firmware.
>>>>>>>>
>>>>>>>> On side note, there exists no wpa_supplicant release that really supports
>>>>>>>> SAE offload properly. You need to back port a lot of patches or hope
>>>>>>>> that your distro back ported them for you.
>>>>>>>>
>>>>>>>> We should actually check if nl80211 tells us that external_auth is
>>>>>>>> supported by the driver. And if not (which is the case for the Broadcom
>>>>>>>> upstream driver) send a proper message to users and not lead them into
>>>>>>>> a wild goose chase.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Marcel
>>>>>>>>
>>>>>> FWIW, the most recent update to the RPI Bookworm image has enabled
>>>>>> this capability:
>>>>>> # uname -a
>>>>>> Linux pi5 6.6.28+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1
>>>>>> (2024-04-22) aarch64 GNU/Linux
>>>>>>
>>>>>> # dmesg | grep brcmfmac
>>>>>> [ 2.195263] brcmfmac: F1 signature read @0x18000000=0x15264345
>>>>>> [ 2.209946] brcmfmac: brcmf_fw_alloc_request: using
>>>>>> brcm/brcmfmac43455-sdio for chip BCM4345/6
>>>>>> [ 2.216566] usbcore: registered new interface driver brcmfmac
>>>>>> [ 2.384898] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>>>>>> available (err=-2)
>>>>>> [ 2.385212] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
>>>>>> wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID
>>>>>> 01-996384e2
>>>>>>
>>>>>> # iw list
>>>>>> Wiphy phy0
>>>>>> ...
>>>>>> Supported extended features:
>>>>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>>>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>>>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>>>>> * [ DFS_OFFLOAD ]: DFS offload
>>>>>> * [ SAE_OFFLOAD ]: SAE offload support
>>>>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>>>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>>>>
>>>>>> This was achieved here with a normal 'apt update ; apt upgrade' routine.
>>>>>>
>>>>>> This appears to work for all Pis, now. Even a 32 bit image on a 3b+
>>>>>> with similar hardware:
>>>>>> # uname -a
>>>>>> Linux rpi32 6.6.28+rpt-rpi-v7 #1 SMP Raspbian 1:6.6.28-1+rpt1
>>>>>> (2024-04-22) armv7l GNU/Linux
>>>>>> # iw list
>>>>>> ...
>>>>>> Supported extended features:
>>>>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>>>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>>>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>>>>> * [ DFS_OFFLOAD ]: DFS offload
>>>>>> * [ SAE_OFFLOAD ]: SAE offload support
>>>>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>>>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>>>>
>>>>>> The PiZero2W does not show this capability with the same 64 bit image
>>>>>> running as it has different hardware with different firmware:
>>>>>> # dmesg | grep brcmfmac
>>>>>> [ 6.051393] brcmfmac: F1 signature read @0x18000000=0x1542a9a6
>>>>>> [ 6.077172] brcmfmac: brcmf_fw_alloc_request: using
>>>>>> brcm/brcmfmac43430b0-sdio for chip BCM43430/2
>>>>>> [ 6.080782] usbcore: registered new interface driver brcmfmac
>>>>>> [ 6.476401] brcmfmac: brcmf_c_process_txcap_blob: no txcap_blob
>>>>>> available (err=-2)
>>>>>> [ 6.481953] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43430/2
>>>>>> wl0: Mar 31 2022 17:24:51 version 9.88.4.77 (g58bc5cc) FWID
>>>>>> 01-3b307371
>>>>>>
>>>>>> Keith
>>>>> I got around to testing this a bit tonight. I set up my Pi5 with
>>>>> hostapd and used this /etc/hostapd/hostapd.conf
>>>>>
>>>>> # cat /etc/hostapd/hostapd.conf
>>>>> # interface and driver
>>>>> interface=ap0
>>>>> driver=nl80211
>>>>>
>>>>> # WIFI-Config
>>>>> ssid=SSIDWPA3
>>>>> channel=7
>>>>> hw_mode=g
>>>>> ieee80211n=1
>>>>> wmm_enabled=1
>>>>> macaddr_acl=0
>>>>> auth_algs=1
>>>>> max_num_sta=10
>>>>>
>>>>> wpa=2
>>>>> wpa_key_mgmt=SAE
>>>>> rsn_pairwise=CCMP
>>>>> ieee80211w=2
>>>>> wpa_passphrase=password
>>>>> sae_pwe=2
>>>>>
>>>>> Form the log, it looks like SAE is enabled and ruinning, but I do not
>>>>> know what I am looking at.
>>>>> Using interface ap0 with hwaddr d8:3a:dd:27:6f:a7 and ssid "SSIDWPA3"
>>>>> ...
>>>>> SAE: Derive PT - group 19
>>>>> SAE: SSID - hexdump_ascii(len=8):
>>>>> 53 53 49 44 57 50 41 33 SSIDWPA3
>>>>> SAE: password - hexdump_ascii(len=9): [REMOVED]
>>>>> SAE: pwd-seed - hexdump(len=32): [REMOVED]
>>>>> SAE: pwd-value (u1 P1) - hexdump(len=48): [REMOVED]
>>>>> SAE: u1 - hexdump(len=32): [REMOVED]
>>>>> ...
>>>>>
>>>>> I can 'see' it from my other pi running iwd and on my laptop, but I
>>>>> cannot connect on either. I get nothing in the log. When I type in the
>>>>> password, I get:
>>>>>
>>>>> [iwd]# station wlan0 connect SSIDWPA3
>>>>> Type the network passphrase for SSIDWPA3 psk.
>>>>> Passphrase: *********
>>>>> Operation failed
>>>> We'll need to see some IWD logs to see whats going on. Also, can you
>>>> connect from your phone or some other device?
>>>>
>>>>> Both Pis show that they have what Marcel noted:
>>>>>
>>>>> Supported extended features:
>>>>> * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
>>>>> * [ 4WAY_HANDSHAKE_STA_PSK ]: 4-way handshake with PSK in station mode
>>>>> * [ 4WAY_HANDSHAKE_STA_1X ]: 4-way handshake with 802.1X in station mode
>>>>> * [ DFS_OFFLOAD ]: DFS offload
>>>>> * [ SAE_OFFLOAD ]: SAE offload support
>>>>> * [ 4WAY_HANDSHAKE_AP_PSK ]: AP mode PSK offload support
>>>>> * [ SAE_OFFLOAD_AP ]: AP mode SAE authentication offload support
>>>>>
>>>>> Is my config wrong?
>>>>>
>>>>> The version of iwd I am running is 2.17 built from git with the latest
>>>>> commit as of e3f6a2c. The version if hostapd is:
>>>>> # hostapd -v
>>>>> hostapd v2.10
>>>>> User space daemon for IEEE 802.11 AP management,
>>>>> IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
> James,
>
> I tried this again. a Pi5 running your SAE hostapd.conf and a Pi3b+
> running iwd -d. I get teh same thing on the cli when I try to connect
> and put in the password: "Operation Failed'
> The hostapd config on the Pi5 is:
> # cat /etc/hostapd/hostapd.conf
> # interface and driver
> interface=ap0
> driver=nl80211
>
> # WIFI-Config
> ssid=ssidSAE
> channel=1
> hw_mode=g
>
> wpa=2
> wpa_key_mgmt=SAE
> wpa_pairwise=CCMP
> sae_password=secret123
> sae_groups=19
> ieee80211w=2
> sae_pwe=0
>
> The iwd log from the Pi3b+ is attached.
Could you post the hostapd logs as well if you have them. I haven't
tried WPA3 on a pi3 in a while but I guess it might be time to give it
another round of testing. Could you also try connecting to the WPA3 AP
using a non-IWD device just for sanity?
>
> Keith
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2024-05-07 11:55 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-29 20:25 Raspberry Pi 5 and WPA3 Harry ten Berge
2024-04-29 21:29 ` James Prestwood
2024-04-30 6:49 ` Harry ten Berge
2024-04-30 7:42 ` Marcel Holtmann
2024-04-30 11:17 ` James Prestwood
2024-04-30 12:19 ` KeithG
2024-04-30 15:42 ` Harry ten Berge
2024-05-02 12:56 ` KeithG
2024-05-02 13:09 ` James Prestwood
2024-05-02 13:47 ` KeithG
2024-05-02 14:07 ` James Prestwood
2024-05-07 2:33 ` KeithG
2024-05-07 11:55 ` James Prestwood
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.