[RFC PATCH v1 0/2] External Auth support

[RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

This series implements External Auth support on Full MAC cards that do
not support SAE offload.  I have not been able to test this fully since
the brcmfmac firmware on the RPi 5 does not actually work properly.
Maybe some enterprising person can test it on a firmware that does work?

Denis Kenzior (2):
  netdev: external auth support
  sae: Allow ability to force Group 19 / Hunt and Peck

 src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
 src/nl80211util.c |   4 +-
 src/sae.c         |  20 ++++
 src/sae.h         |   3 +
 src/wiphy.c       |  19 ++--
 5 files changed, 263 insertions(+), 41 deletions(-)

-- 
2.45.2

[RFC PATCH v1 1/2] netdev: external auth support

[Denis Kenzior]

Certain FullMAC drivers do not expose CMD_ASSOCIATE/CMD_AUTHENTICATE,
but lack the ability to fully offload SAE connections to the firmware.
Such connections can still be supported on such firmware by using
CMD_EXTERNAL_AUTH & CMD_FRAME.  The firmware sets the
NL80211_FEATURE_SAE bit (which implies support for CMD_AUTHENTICATE, but
oh well), and no other offload extended features.

When CMD_CONNECT is issued, the firmware sends CMD_EXTERNAL_AUTH via
unicast to the owner of the connection.  The connection owner is then
expected to send SAE frames with the firmware using CMD_FRAME and
receive authenticate frames using unicast CMD_FRAME notifications as
well.  Once SAE authentication completes, userspace is expected to
send a final CMD_EXTERNAL_AUTH back to the kernel with the corresponding
status code.  On failure, a non-0 status code should be used.

Note that for historical reasons, SAE AKM sent in CMD_EXTERNAL_AUTH is
given in big endian order, not CPU order as is expected!
---
 src/netdev.c      | 255 +++++++++++++++++++++++++++++++++++++++++-----
 src/nl80211util.c |   4 +-
 src/wiphy.c       |  19 ++--
 3 files changed, 237 insertions(+), 41 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 494e46a59de2..a1342d1bef94 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -187,6 +187,7 @@ struct netdev {
 	bool retry_auth : 1;
 	bool in_reassoc : 1;
 	bool privacy : 1;
+	bool external_auth : 1;
 };
 
 struct netdev_preauth_state {
@@ -815,6 +816,7 @@ static void netdev_connect_free(struct netdev *netdev)
 	netdev->expect_connect_failure = false;
 	netdev->cur_rssi_low = false;
 	netdev->privacy = false;
+	netdev->external_auth = false;
 
 	if (netdev->connect_cmd) {
 		l_genl_msg_unref(netdev->connect_cmd);
@@ -2454,7 +2456,10 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
 
 	switch (nhs->type) {
 	case CONNECTION_TYPE_SOFTMAC:
+		break;
 	case CONNECTION_TYPE_FULLMAC:
+		l_genl_msg_append_attr(msg,
+				NL80211_ATTR_EXTERNAL_AUTH_SUPPORT, 0, NULL);
 		break;
 	case CONNECTION_TYPE_SAE_OFFLOAD:
 		l_genl_msg_append_attr(msg, NL80211_ATTR_SAE_PASSWORD,
@@ -3368,6 +3373,77 @@ static void netdev_fils_tx_associate(struct iovec *fils_iov, size_t n_fils_iov,
 	}
 }
 
+static void netdev_external_auth_frame_cb(struct l_genl_msg *msg,
+							void *user_data)
+{
+	int error = l_genl_msg_get_error(msg);
+
+	if (error < 0)
+		l_debug("Failed to send External Auth Frame: %s(%d)",
+				strerror(-error), -error);
+}
+
+static void netdev_external_auth_sae_tx_authenticate(const uint8_t *body,
+					size_t body_len, void *user_data)
+{
+	struct netdev *netdev = user_data;
+	struct handshake_state *hs = netdev->handshake;
+	uint16_t frame_type = MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION << 4;
+	struct iovec iov[2];
+	struct l_genl_msg *msg;
+	uint8_t algorithm[2] = { 0x03, 0x00 };
+
+	l_debug("");
+
+	iov[0].iov_base = &algorithm;
+	iov[0].iov_len = sizeof(algorithm);
+	iov[1].iov_base = (void *) body;
+	iov[1].iov_len = body_len;
+
+	msg = nl80211_build_cmd_frame(netdev->index, frame_type,
+					hs->spa, hs->aa, 0, iov, 2);
+
+	if (l_genl_family_send(nl80211, msg, netdev_external_auth_frame_cb,
+				netdev, NULL) > 0)
+		return;
+
+	l_genl_msg_unref(msg);
+}
+
+static void netdev_external_auth_cb(struct l_genl_msg *msg, void *user_data)
+{
+	int error = l_genl_msg_get_error(msg);
+
+	if (error < 0)
+		l_debug("Failed to send External Auth: %s(%d)",
+				strerror(-error), -error);
+}
+
+static void netdev_send_external_auth(struct netdev *netdev,
+							uint16_t status_code)
+{
+	struct handshake_state *hs = netdev->handshake;
+	struct l_genl_msg *msg =
+		nl80211_build_external_auth(netdev->index, status_code,
+						hs->ssid, hs->ssid_len, hs->aa);
+
+	if (l_genl_family_send(nl80211, msg, netdev_external_auth_cb,
+				netdev, NULL) > 0)
+		return;
+
+	l_genl_msg_unref(msg);
+}
+
+static void netdev_external_auth_sae_tx_associate(void *user_data)
+{
+	struct netdev *netdev = user_data;
+
+	l_debug("");
+
+	netdev_send_external_auth(netdev, MMPDU_STATUS_CODE_SUCCESS);
+	netdev_ensure_eapol_registered(netdev);
+}
+
 struct rtnl_data {
 	struct netdev *netdev;
 	uint8_t addr[ETH_ALEN];
@@ -3376,6 +3452,10 @@ struct rtnl_data {
 
 static int netdev_begin_connection(struct netdev *netdev)
 {
+	struct netdev_handshake_state *nhs =
+		l_container_of(netdev->handshake,
+				struct netdev_handshake_state, super);
+
 	if (netdev->connect_cmd) {
 		netdev->connect_cmd_id = l_genl_family_send(nl80211,
 						netdev->connect_cmd,
@@ -3395,7 +3475,7 @@ static int netdev_begin_connection(struct netdev *netdev)
 	 */
 	handshake_state_set_supplicant_address(netdev->handshake, netdev->addr);
 
-	if (netdev->ap) {
+	if (netdev->ap && nhs->type == CONNECTION_TYPE_SOFTMAC) {
 		if (!auth_proto_start(netdev->ap))
 			goto failed;
 
@@ -3770,7 +3850,11 @@ static int netdev_handshake_state_setup_connection_type(
 		if (softmac && wiphy_has_feature(wiphy, NL80211_FEATURE_SAE))
 			goto softmac;
 
-		return -EINVAL;
+		/* FullMAC uses EXTERNAL_AUTH and reuses this feature bit */
+		if (wiphy_has_feature(wiphy, NL80211_FEATURE_SAE))
+			goto fullmac;
+
+		return -ENOTSUP;
 	case IE_RSN_AKM_SUITE_FILS_SHA256:
 	case IE_RSN_AKM_SUITE_FILS_SHA384:
 	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
@@ -3841,40 +3925,43 @@ static void netdev_connect_common(struct netdev *netdev,
 		goto done;
 	}
 
-	if (nhs->type != CONNECTION_TYPE_SOFTMAC)
+	if (!IE_AKM_IS_SAE(hs->akm_suite) ||
+				nhs->type == CONNECTION_TYPE_SAE_OFFLOAD)
 		goto build_cmd_connect;
 
-	switch (hs->akm_suite) {
-	case IE_RSN_AKM_SUITE_SAE_SHA256:
-	case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
+	if (nhs->type == CONNECTION_TYPE_SOFTMAC)
 		netdev->ap = sae_sm_new(hs, netdev_sae_tx_authenticate,
-						netdev_sae_tx_associate,
-						netdev);
-
-		if (sae_sm_is_h2e(netdev->ap)) {
-			uint8_t own_rsnxe[20];
-
-			if (wiphy_get_rsnxe(netdev->wiphy,
-					own_rsnxe, sizeof(own_rsnxe))) {
-				set_bit(own_rsnxe + 2, IE_RSNX_SAE_H2E);
-				handshake_state_set_supplicant_rsnxe(hs,
-								own_rsnxe);
-			}
+					netdev_sae_tx_associate,
+					netdev);
+	else
+		netdev->ap =
+			sae_sm_new(hs, netdev_external_auth_sae_tx_authenticate,
+					netdev_external_auth_sae_tx_associate,
+					netdev);
+
+	if (sae_sm_is_h2e(netdev->ap)) {
+		uint8_t own_rsnxe[20];
+
+		if (wiphy_get_rsnxe(netdev->wiphy,
+				own_rsnxe, sizeof(own_rsnxe))) {
+			set_bit(own_rsnxe + 2, IE_RSNX_SAE_H2E);
+			handshake_state_set_supplicant_rsnxe(hs,
+							own_rsnxe);
 		}
+	}
+
+	if (nhs->type == CONNECTION_TYPE_SOFTMAC)
+		goto done;
 
-		break;
-	default:
 build_cmd_connect:
-		cmd_connect = netdev_build_cmd_connect(netdev, hs, prev_bssid);
+	cmd_connect = netdev_build_cmd_connect(netdev, hs, prev_bssid);
 
-		if (!is_offload(hs) && (is_rsn || hs->settings_8021x)) {
-			sm = eapol_sm_new(hs);
+	if (!is_offload(hs) && (is_rsn || hs->settings_8021x)) {
+		sm = eapol_sm_new(hs);
 
-			if (nhs->type == CONNECTION_TYPE_8021X_OFFLOAD)
-				eapol_sm_set_require_handshake(sm, false);
-		}
+		if (nhs->type == CONNECTION_TYPE_8021X_OFFLOAD)
+			eapol_sm_set_require_handshake(sm, false);
 	}
-
 done:
 	netdev->connect_cmd = cmd_connect;
 	netdev->event_filter = event_filter;
@@ -4379,6 +4466,52 @@ static void netdev_qos_map_frame_event(const struct mmpdu_header *hdr,
 	netdev_send_qos_map_set(netdev, body + 4, body_len - 4);
 }
 
+static void netdev_sae_external_auth_frame_event(const struct mmpdu_header *hdr,
+					const void *body, size_t body_len,
+					int rssi, void *user_data)
+{
+	struct netdev *netdev = user_data;
+	const struct mmpdu_authentication *auth;
+	uint16_t status_code = MMPDU_STATUS_CODE_UNSPECIFIED;
+	int ret;
+
+	if (!netdev->external_auth)
+		return;
+
+	if (!netdev->ap)
+		return;
+
+	auth = mmpdu_body(hdr);
+	/*
+	 * Allows station to persist settings so it does not retry
+	 * the higher order ECC group again
+	 */
+	if (L_CPU_TO_LE16(auth->status) ==
+			MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP &&
+			netdev->event_filter)
+		netdev->event_filter(netdev, NETDEV_EVENT_ECC_GROUP_RETRY,
+					NULL, netdev->user_data);
+
+	ret = auth_proto_rx_authenticate(netdev->ap, (const void *) hdr,
+					mmpdu_header_len(hdr) + body_len);
+
+	switch (ret) {
+	case 0:
+	case -EAGAIN:
+		return;
+	case -ENOMSG:
+	case -EBADMSG:
+		return;
+	default:
+		break;
+	}
+
+	if (ret > 0)
+		status_code = (uint16_t)ret;
+
+	netdev_send_external_auth(netdev, status_code);
+}
+
 static void netdev_preauth_cb(const uint8_t *pmk, void *user_data)
 {
 	struct netdev_preauth_state *preauth = user_data;
@@ -5203,6 +5336,63 @@ static void netdev_control_port_frame_event(struct l_genl_msg *msg,
 						frame, frame_len, unencrypted);
 }
 
+static void netdev_external_auth_event(struct l_genl_msg *msg,
+							struct netdev *netdev)
+{
+	const uint8_t *bssid;
+	struct iovec ssid;
+	uint32_t akm;
+	uint32_t action;
+	struct handshake_state *hs = netdev->handshake;
+
+	if (L_WARN_ON(nl80211_parse_attrs(msg, NL80211_ATTR_AKM_SUITES, &akm,
+				NL80211_ATTR_EXTERNAL_AUTH_ACTION, &action,
+				NL80211_ATTR_BSSID, &bssid,
+				NL80211_ATTR_SSID, &ssid,
+				NL80211_ATTR_UNSPEC) < 0))
+		return;
+
+	if (!L_IN_SET(action, NL80211_EXTERNAL_AUTH_START,
+				NL80211_EXTERNAL_AUTH_ABORT))
+		return;
+
+	/* kernel sends SAE_SHA256 AKM in BE order for legacy reasons */
+	if (!L_IN_SET(akm, CRYPTO_AKM_SAE_SHA256, CRYPTO_AKM_FT_OVER_SAE_SHA256,
+				L_CPU_TO_BE32(CRYPTO_AKM_SAE_SHA256))) {
+		l_warn("Unknown AKM: %08x", akm);
+		return;
+	}
+
+	if (action == NL80211_EXTERNAL_AUTH_ABORT) {
+		iwd_notice(IWD_NOTICE_CONNECT_INFO, "External Auth Aborted");
+		goto error;
+	}
+
+	iwd_notice(IWD_NOTICE_CONNECT_INFO,
+			"External Auth to SSID: %s, bssid: "MAC,
+			util_ssid_to_utf8(ssid.iov_len, ssid.iov_base),
+			MAC_STR(bssid));
+
+	if (hs->ssid_len != ssid.iov_len ||
+			memcmp(hs->ssid, ssid.iov_base, hs->ssid_len)) {
+		iwd_notice(IWD_NOTICE_CONNECT_INFO, "Target SSID mismatch");
+		goto error;
+	}
+
+	if (memcmp(hs->aa, bssid, ETH_ALEN)) {
+		iwd_notice(IWD_NOTICE_CONNECT_INFO, "Target BSSID mismatch");
+		goto error;
+	}
+
+	if (auth_proto_start(netdev->ap)) {
+		netdev->external_auth = true;
+		return;
+	}
+
+error:
+	netdev_send_external_auth(netdev, MMPDU_STATUS_CODE_UNSPECIFIED);
+}
+
 static void netdev_unicast_notify(struct l_genl_msg *msg, void *user_data)
 {
 	struct netdev *netdev = NULL;
@@ -5240,6 +5430,9 @@ static void netdev_unicast_notify(struct l_genl_msg *msg, void *user_data)
 	case NL80211_CMD_CONTROL_PORT_FRAME:
 		netdev_control_port_frame_event(msg, netdev);
 		break;
+	case NL80211_CMD_EXTERNAL_AUTH:
+		netdev_external_auth_event(msg, netdev);
+		break;
 	}
 }
 
@@ -5412,6 +5605,7 @@ static void netdev_add_station_frame_watches(struct netdev *netdev)
 	static const uint8_t action_ft_response_prefix[] =  { 0x06, 0x02 };
 	static const uint8_t auth_ft_response_prefix[] = { 0x02, 0x00 };
 	static const uint8_t action_qos_map_prefix[] = { 0x01, 0x04 };
+	static const uint8_t auth_sae_prefix[] = { 0x03, 0x00 };
 	uint64_t wdev = netdev->wdev_id;
 
 	/* Subscribe to Management -> Action -> RM -> Neighbor Report frames */
@@ -5439,6 +5633,13 @@ static void netdev_add_station_frame_watches(struct netdev *netdev)
 		frame_watch_add(wdev, 0, 0x00d0, action_qos_map_prefix,
 				sizeof(action_qos_map_prefix),
 				netdev_qos_map_frame_event, netdev, NULL);
+
+	if (!wiphy_supports_cmds_auth_assoc(netdev->wiphy) &&
+			wiphy_has_feature(netdev->wiphy, NL80211_FEATURE_SAE))
+		frame_watch_add(wdev, 0, 0x00b0,
+				auth_sae_prefix, sizeof(auth_sae_prefix),
+				netdev_sae_external_auth_frame_event,
+				netdev, NULL);
 }
 
 static void netdev_setup_interface(struct netdev *netdev)
diff --git a/src/nl80211util.c b/src/nl80211util.c
index fcf70b9f1740..7590f90cd057 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -648,7 +648,9 @@ struct l_genl_msg *nl80211_build_cmd_frame(uint32_t ifindex,
 	msg = l_genl_msg_new_sized(NL80211_CMD_FRAME, 128 + 512);
 
 	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4, &freq);
+
+	if (freq)
+		l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4, &freq);
 	l_genl_msg_append_attrv(msg, NL80211_ATTR_FRAME, iovs, iov_len + 1);
 
 	return msg;
diff --git a/src/wiphy.c b/src/wiphy.c
index 13d498a5cd0c..1ab2f3f75382 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -229,29 +229,22 @@ static bool wiphy_can_connect_sae(struct wiphy *wiphy)
 	 *    cards the entire SAE protocol as well as the subsequent 4-way
 	 *    handshake are all done in the driver/firmware (fullMAC).
 	 *
-	 * 3. TODO: Cards which allow SAE in userspace via CMD_EXTERNAL_AUTH.
+	 * 3. Cards which allow SAE in userspace via CMD_EXTERNAL_AUTH.
 	 *    These cards do not support AUTH/ASSOC commands but do implement
 	 *    CMD_EXTERNAL_AUTH which is supposed to allow userspace to
-	 *    generate Authenticate frames as it would for case (1). As it
-	 *    stands today only one driver actually uses CMD_EXTERNAL_AUTH and
-	 *    for now IWD will not allow connections to SAE networks using this
-	 *    mechanism.
+	 *    generate Authenticate frames as it would for case (1).
 	 */
-
 	if (wiphy_has_feature(wiphy, NL80211_FEATURE_SAE)) {
 		/* Case (1) */
 		if (wiphy->support_cmds_auth_assoc)
 			return true;
 
-		/*
-		 * Case (3)
-		 *
-		 * TODO: No support for CMD_EXTERNAL_AUTH yet.
-		 */
-		l_warn("SAE unsupported: %s needs CMD_EXTERNAL_AUTH for SAE",
+		/* Case 3 */
+		iwd_notice(IWD_NOTICE_CONNECT_INFO,
+			"FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
 			wiphy->driver_str);
 
-		return false;
+		return true;
 	}
 
 	/* Case (2) */
-- 
2.45.2

Re: [RFC PATCH v1 1/2] netdev: external auth support

[James Prestwood]

Hi Denis,

<snip>
> +
> +	if (action == NL80211_EXTERNAL_AUTH_ABORT) {
> +		iwd_notice(IWD_NOTICE_CONNECT_INFO, "External Auth Aborted");

I know this is just an RFC, and maybe you just used iwd_notice() as a 
debugging mechanism but the intent was to only use the notice prints 
with comma separated key/value pairs to easily be parsed by tooling. For 
these connect failures we already have IWD_NOTICE_CONNECT_FAILED:

iwd_notice(IWD_NOTICE_CONNECT_FAILED, "reason: ext-auth-aborted");

> +		goto error;
> +	}
> +
> +	iwd_notice(IWD_NOTICE_CONNECT_INFO,
> +			"External Auth to SSID: %s, bssid: "MAC,
> +			util_ssid_to_utf8(ssid.iov_len, ssid.iov_base),
> +			MAC_STR(bssid));
This one does fit into the connect info category, but we already print 
this info in __station_connect_network(), granted no info about external 
auth but I don't think that is really important for the context of 
iwd_notice().
> +
> +	if (hs->ssid_len != ssid.iov_len ||
> +			memcmp(hs->ssid, ssid.iov_base, hs->ssid_len)) {
> +		iwd_notice(IWD_NOTICE_CONNECT_INFO, "Target SSID mismatch");
> +		goto error;
> +	}
> +
> +	if (memcmp(hs->aa, bssid, ETH_ALEN)) {
> +		iwd_notice(IWD_NOTICE_CONNECT_INFO, "Target BSSID mismatch");
> +		goto error;
> +	}

iwd_notice(IWD_NOTICE_CONNECT_FAILED, "reason: ssid-mismatch");

iwd_notice(IWD_NOTICE_CONNECT_FAILED, "reason: bssid-mismatch");

> +		/* Case 3 */
> +		iwd_notice(IWD_NOTICE_CONNECT_INFO,
> +			"FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
>   			wiphy->driver_str);

This could be useful, but probably as a separate event and maybe during 
wiphy dumping?

iwd_notice(IWD_NOTICE_DRIVER_INFO, "name: brcmfmac, type: fullmac, sae: 
ext-auth");

Thanks,

James

[RFC PATCH v1 2/2] sae: Allow ability to force Group 19 / Hunt and Peck

[Denis Kenzior]

---
 src/netdev.c |  5 ++++-
 src/sae.c    | 20 ++++++++++++++++++++
 src/sae.h    |  3 +++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index a1342d1bef94..5bc055acacfe 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3933,11 +3933,14 @@ static void netdev_connect_common(struct netdev *netdev,
 		netdev->ap = sae_sm_new(hs, netdev_sae_tx_authenticate,
 					netdev_sae_tx_associate,
 					netdev);
-	else
+	else {
 		netdev->ap =
 			sae_sm_new(hs, netdev_external_auth_sae_tx_authenticate,
 					netdev_external_auth_sae_tx_associate,
 					netdev);
+		sae_sm_force_default_group(netdev->ap);
+		sae_sm_force_hunt_and_peck(netdev->ap);
+	}
 
 	if (sae_sm_is_h2e(netdev->ap)) {
 		uint8_t own_rsnxe[20];
diff --git a/src/sae.c b/src/sae.c
index 97c0af052f14..eb4634848afa 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1550,6 +1550,26 @@ struct auth_proto *sae_sm_new(struct handshake_state *hs,
 	return &sm->ap;
 }
 
+bool sae_sm_force_hunt_and_peck(struct auth_proto *ap)
+{
+	struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
+
+	sae_debug("Forcing SAE Hunting and Pecking");
+	sm->sae_type = CRYPTO_SAE_LOOPING;
+
+	return true;
+}
+
+bool sae_sm_force_default_group(struct auth_proto *ap)
+{
+	struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
+
+	sae_debug("Forcing Default Group");
+	sm->force_default_group = true;
+
+	return true;
+}
+
 static int sae_init(void)
 {
 	if (getenv("IWD_SAE_DEBUG"))
diff --git a/src/sae.h b/src/sae.h
index 668d084f3402..4a59999bfba0 100644
--- a/src/sae.h
+++ b/src/sae.h
@@ -34,3 +34,6 @@ struct auth_proto *sae_sm_new(struct handshake_state *hs,
 				sae_tx_authenticate_func_t tx_auth,
 				sae_tx_associate_func_t tx_assoc,
 				void *user_data);
+
+bool sae_sm_force_hunt_and_peck(struct auth_proto *ap);
+bool sae_sm_force_default_group(struct auth_proto *ap);
-- 
2.45.2

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

Denis,


On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> This series implements External Auth support on Full MAC cards that do
> not support SAE offload.  I have not been able to test this fully since
> the brcmfmac firmware on the RPi 5 does not actually work properly.
> Maybe some enterprising person can test it on a firmware that does work?
>
> Denis Kenzior (2):
>   netdev: external auth support
>   sae: Allow ability to force Group 19 / Hunt and Peck
>
>  src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
>  src/nl80211util.c |   4 +-
>  src/sae.c         |  20 ++++
>  src/sae.h         |   3 +
>  src/wiphy.c       |  19 ++--
>  5 files changed, 263 insertions(+), 41 deletions(-)
>
> --
> 2.45.2
>
>
I was watching for this. I built iwd from git and tried it on my Pi5.
As you said, it did not work:

Aug 23 19:24:29 pi5 iwd[16297]: SAE unsupported: brcmfmac needs
CMD_EXTERNAL_AUTH for SAE
Aug 23 19:24:29 pi5 iwd[16297]: src/wiphy.c:wiphy_select_akm() Can't
use SAE, trying WPA2
Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_disconnect() agent
:1.471 disconnected
Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_free() agent free
0x5555946ddaf0

I believe this is the latest firmware from Infineon for the RPi fmac cards:
Firmware: BCM4345/6 wl0: Aug 29 2023 01:47:08 version 7.45.265
(28bca26 CY) FWID 01-b677b91b
Firmware: BCM43430/1 wl0: Jun 14 2023 07:27:45 version 7.45.96.s1
(gf031a129) FWID 01-70bd2af7 es7

I know there are a number of fmac cards. Does the firmware on these
work differently to other brcmfmac cards? Do all of them use
CMD_EXTERNAL_AUTH?

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

Hi Keith,

On 8/23/24 7:38 PM, KeithG wrote:
> Denis,
> 
> 
> On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
>>
>> This series implements External Auth support on Full MAC cards that do
>> not support SAE offload.  I have not been able to test this fully since
>> the brcmfmac firmware on the RPi 5 does not actually work properly.
>> Maybe some enterprising person can test it on a firmware that does work?
>>
>> Denis Kenzior (2):
>>    netdev: external auth support
>>    sae: Allow ability to force Group 19 / Hunt and Peck
>>
>>   src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
>>   src/nl80211util.c |   4 +-
>>   src/sae.c         |  20 ++++
>>   src/sae.h         |   3 +
>>   src/wiphy.c       |  19 ++--
>>   5 files changed, 263 insertions(+), 41 deletions(-)
>>
>> --
>> 2.45.2
>>
>>
> I was watching for this. I built iwd from git and tried it on my Pi5.
> As you said, it did not work:
> 
> Aug 23 19:24:29 pi5 iwd[16297]: SAE unsupported: brcmfmac needs
> CMD_EXTERNAL_AUTH for SAE

I don't think you applied the patch correctly.  You should see:

+               /* Case 3 */
+               iwd_notice(IWD_NOTICE_CONNECT_INFO,
+                       "FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
                         wiphy->driver_str);

> Aug 23 19:24:29 pi5 iwd[16297]: src/wiphy.c:wiphy_select_akm() Can't
> use SAE, trying WPA2
> Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_disconnect() agent
> :1.471 disconnected
> Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_free() agent free
> 0x5555946ddaf0
> 
> I believe this is the latest firmware from Infineon for the RPi fmac cards:
> Firmware: BCM4345/6 wl0: Aug 29 2023 01:47:08 version 7.45.265
> (28bca26 CY) FWID 01-b677b91b
> Firmware: BCM43430/1 wl0: Jun 14 2023 07:27:45 version 7.45.96.s1
> (gf031a129) FWID 01-70bd2af7 es7
> 
> I know there are a number of fmac cards. Does the firmware on these
> work differently to other brcmfmac cards? Do all of them use
> CMD_EXTERNAL_AUTH?

No idea.  All other brcmfmac cards used SAE offload.  Cypress firmware seems to 
have gone with EXTERNAL_AUTH.  Not sure about other full mac cards.  I can see 
references to EXTERNAL_AUTH in two upstream drivers:

[denkenz@archdev linux]$ grep -R "cfg80211_external_auth_request" *
drivers/net/wireless/microchip/wilc1000/hif.c: 
cfg80211_external_auth_request(vif->ndev, &vif->auth,
drivers/net/wireless/quantenna/qtnfmac/event.c:	ret = 
cfg80211_external_auth_request(vif->netdev, &auth, GFP_KERNEL);

But the hardware seems to be unobtanium.  Maybe others can report what other 
solutions use EXTERNAL_AUTH?  Maybe Pinephone?

Regards,
-Denis

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Fri, Aug 23, 2024 at 10:21 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Keith,
>
> On 8/23/24 7:38 PM, KeithG wrote:
> > Denis,
> >
> >
> > On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
> >>
> >> This series implements External Auth support on Full MAC cards that do
> >> not support SAE offload.  I have not been able to test this fully since
> >> the brcmfmac firmware on the RPi 5 does not actually work properly.
> >> Maybe some enterprising person can test it on a firmware that does work?
> >>
> >> Denis Kenzior (2):
> >>    netdev: external auth support
> >>    sae: Allow ability to force Group 19 / Hunt and Peck
> >>
> >>   src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
> >>   src/nl80211util.c |   4 +-
> >>   src/sae.c         |  20 ++++
> >>   src/sae.h         |   3 +
> >>   src/wiphy.c       |  19 ++--
> >>   5 files changed, 263 insertions(+), 41 deletions(-)
> >>
> >> --
> >> 2.45.2
> >>
> >>
> > I was watching for this. I built iwd from git and tried it on my Pi5.
> > As you said, it did not work:
> >
> > Aug 23 19:24:29 pi5 iwd[16297]: SAE unsupported: brcmfmac needs
> > CMD_EXTERNAL_AUTH for SAE
>
> I don't think you applied the patch correctly.  You should see:
>
> +               /* Case 3 */
> +               iwd_notice(IWD_NOTICE_CONNECT_INFO,
> +                       "FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
>                          wiphy->driver_str);
>
> > Aug 23 19:24:29 pi5 iwd[16297]: src/wiphy.c:wiphy_select_akm() Can't
> > use SAE, trying WPA2
> > Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_disconnect() agent
> > :1.471 disconnected
> > Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_free() agent free
> > 0x5555946ddaf0
> >
> > I believe this is the latest firmware from Infineon for the RPi fmac cards:
> > Firmware: BCM4345/6 wl0: Aug 29 2023 01:47:08 version 7.45.265
> > (28bca26 CY) FWID 01-b677b91b
> > Firmware: BCM43430/1 wl0: Jun 14 2023 07:27:45 version 7.45.96.s1
> > (gf031a129) FWID 01-70bd2af7 es7
> >
> > I know there are a number of fmac cards. Does the firmware on these
> > work differently to other brcmfmac cards? Do all of them use
> > CMD_EXTERNAL_AUTH?
>
> No idea.  All other brcmfmac cards used SAE offload.  Cypress firmware seems to
> have gone with EXTERNAL_AUTH.  Not sure about other full mac cards.  I can see
> references to EXTERNAL_AUTH in two upstream drivers:
>
> [denkenz@archdev linux]$ grep -R "cfg80211_external_auth_request" *
> drivers/net/wireless/microchip/wilc1000/hif.c:
> cfg80211_external_auth_request(vif->ndev, &vif->auth,
> drivers/net/wireless/quantenna/qtnfmac/event.c: ret =
> cfg80211_external_auth_request(vif->netdev, &auth, GFP_KERNEL);
>
> But the hardware seems to be unobtanium.  Maybe others can report what other
> solutions use EXTERNAL_AUTH?  Maybe Pinephone?
>
> Regards,
> -Denis

Denis,

Sorry, I mis-read and assumed it was committed to git and not a patch.
I created the 2 patches and built it again.

iwctl looks like it is trying something:
[iwd]# station wlan0 connect deskSAE
Type the network passphrase for deskSAE psk.
Passphrase: *********
[iwd]#

but it never connects. I do notice that connman thinks it is up and
assigns a 169.254.x.x address

Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
is WPA3-Personal...
Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Aug 24 11:18:06 pi5 iwd[28085]:
src/network.c:network_generate_sae_pt() Generating PT for Group 19
Aug 24 11:18:06 pi5 iwd[28085]:
src/network.c:network_generate_sae_pt() Generating PT for Group 20
Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
is WPA3-Personal...
Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
Inserting work item 4
Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
Starting work item 4
Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
new: connecting
Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
Stopping periodic scan for wdev 1
Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
configuration
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
Unicast notification External Auth(127)
Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
Aug 24 11:18:06 pi5 iwd[28085]:
src/netdev.c:netdev_external_auth_sae_tx_authenticate()
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
notification Frame TX Status(60)
Aug 24 11:18:06 pi5 iwd[28085]:
src/netdev.c:netdev_external_auth_sae_tx_authenticate()
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
Unicast notification Frame(59)
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
notification Frame TX Status(60)
Aug 24 11:18:06 pi5 iwd[28085]:
src/netdev.c:netdev_external_auth_sae_tx_associate()
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
Unicast notification Frame(59)
Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
Failed to send External Auth: Invalid exchange(52)
Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
169.254.242.107/16 label wlan0 family 2


Need a log of some sort or is this adequate?

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Sat, Aug 24, 2024 at 11:20 AM KeithG <ys3al35l@gmail.com> wrote:
>
> On Fri, Aug 23, 2024 at 10:21 PM Denis Kenzior <denkenz@gmail.com> wrote:
> >
> > Hi Keith,
> >
> > On 8/23/24 7:38 PM, KeithG wrote:
> > > Denis,
> > >
> > >
> > > On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
> > >>
> > >> This series implements External Auth support on Full MAC cards that do
> > >> not support SAE offload.  I have not been able to test this fully since
> > >> the brcmfmac firmware on the RPi 5 does not actually work properly.
> > >> Maybe some enterprising person can test it on a firmware that does work?
> > >>
> > >> Denis Kenzior (2):
> > >>    netdev: external auth support
> > >>    sae: Allow ability to force Group 19 / Hunt and Peck
> > >>
> > >>   src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
> > >>   src/nl80211util.c |   4 +-
> > >>   src/sae.c         |  20 ++++
> > >>   src/sae.h         |   3 +
> > >>   src/wiphy.c       |  19 ++--
> > >>   5 files changed, 263 insertions(+), 41 deletions(-)
> > >>
> > >> --
> > >> 2.45.2
> > >>
> > >>
> > > I was watching for this. I built iwd from git and tried it on my Pi5.
> > > As you said, it did not work:
> > >
> > > Aug 23 19:24:29 pi5 iwd[16297]: SAE unsupported: brcmfmac needs
> > > CMD_EXTERNAL_AUTH for SAE
> >
> > I don't think you applied the patch correctly.  You should see:
> >
> > +               /* Case 3 */
> > +               iwd_notice(IWD_NOTICE_CONNECT_INFO,
> > +                       "FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
> >                          wiphy->driver_str);
> >
> > > Aug 23 19:24:29 pi5 iwd[16297]: src/wiphy.c:wiphy_select_akm() Can't
> > > use SAE, trying WPA2
> > > Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_disconnect() agent
> > > :1.471 disconnected
> > > Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_free() agent free
> > > 0x5555946ddaf0
> > >
> > > I believe this is the latest firmware from Infineon for the RPi fmac cards:
> > > Firmware: BCM4345/6 wl0: Aug 29 2023 01:47:08 version 7.45.265
> > > (28bca26 CY) FWID 01-b677b91b
> > > Firmware: BCM43430/1 wl0: Jun 14 2023 07:27:45 version 7.45.96.s1
> > > (gf031a129) FWID 01-70bd2af7 es7
> > >
> > > I know there are a number of fmac cards. Does the firmware on these
> > > work differently to other brcmfmac cards? Do all of them use
> > > CMD_EXTERNAL_AUTH?
> >
> > No idea.  All other brcmfmac cards used SAE offload.  Cypress firmware seems to
> > have gone with EXTERNAL_AUTH.  Not sure about other full mac cards.  I can see
> > references to EXTERNAL_AUTH in two upstream drivers:
> >
> > [denkenz@archdev linux]$ grep -R "cfg80211_external_auth_request" *
> > drivers/net/wireless/microchip/wilc1000/hif.c:
> > cfg80211_external_auth_request(vif->ndev, &vif->auth,
> > drivers/net/wireless/quantenna/qtnfmac/event.c: ret =
> > cfg80211_external_auth_request(vif->netdev, &auth, GFP_KERNEL);
> >
> > But the hardware seems to be unobtanium.  Maybe others can report what other
> > solutions use EXTERNAL_AUTH?  Maybe Pinephone?
> >
> > Regards,
> > -Denis
>
> Denis,
>
> Sorry, I mis-read and assumed it was committed to git and not a patch.
> I created the 2 patches and built it again.
>
> iwctl looks like it is trying something:
> [iwd]# station wlan0 connect deskSAE
> Type the network passphrase for deskSAE psk.
> Passphrase: *********
> [iwd]#
>
> but it never connects. I do notice that connman thinks it is up and
> assigns a 169.254.x.x address
>
> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> is WPA3-Personal...
> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> Aug 24 11:18:06 pi5 iwd[28085]:
> src/network.c:network_generate_sae_pt() Generating PT for Group 19
> Aug 24 11:18:06 pi5 iwd[28085]:
> src/network.c:network_generate_sae_pt() Generating PT for Group 20
> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> is WPA3-Personal...
> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
> Inserting work item 4
> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
> Starting work item 4
> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
> bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
> Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
> new: connecting
> Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
> Stopping periodic scan for wdev 1
> Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
> Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
> configuration
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> Unicast notification External Auth(127)
> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
> Aug 24 11:18:06 pi5 iwd[28085]:
> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> notification Frame TX Status(60)
> Aug 24 11:18:06 pi5 iwd[28085]:
> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> Unicast notification Frame(59)
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> notification Frame TX Status(60)
> Aug 24 11:18:06 pi5 iwd[28085]:
> src/netdev.c:netdev_external_auth_sae_tx_associate()
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> Unicast notification Frame(59)
> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
> Failed to send External Auth: Invalid exchange(52)
> Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
> Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
> Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
> 169.254.242.107/16 label wlan0 family 2
>
>
> Need a log of some sort or is this adequate?
>
> Keith

I gave it a bit more thought and wondered if NetworkManager could deal
with wpa3 and this patched verison of iwd. Also no connection. I first
verified that nmcli could connect to the wpa2 ssid then tried this
one.

from cli:
#nmcli --ask dev wifi connect deskSAE
Password: •••••••••
Error: Timeout 90 sec expired.

Aug 24 18:07:43 pi5 iwd[212556]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Aug 24 18:08:17 pi5 sudo[219244]:     root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/usr/bin/nmcli --ask dev wifi connect deskSAE
Aug 24 18:08:17 pi5 sudo[219244]: pam_unix(sudo:session): session
opened for user root(uid=0) by root(uid=0)
Aug 24 18:08:17 pi5 polkitd[212049]: Registered Authentication Agent
for unix-process:219250:1397111 (system bus name :1.7111 [nmcli --ask
dev wifi connect deskSAE], obje>
Aug 24 18:08:23 pi5 NetworkManager[216946]: <info>  [1724540903.5369]
device (wlan0): Activation: starting connection 'deskSAE'
(20e14402-d74a-48d0-a6f9-5c8d0404d21d)
Aug 24 18:08:23 pi5 NetworkManager[216946]: <error> [1724540903.5390]
audit: failed to open auditd socket: Protocol not supported
Aug 24 18:08:23 pi5 NetworkManager[216946]: <info>  [1724540903.5391]
audit: op="connection-add-activate"
uuid="20e14402-d74a-48d0-a6f9-5c8d0404d21d" name="deskSAE" pid=2>
Aug 24 18:08:23 pi5 NetworkManager[216946]: <info>  [1724540903.5398]
device (wlan0): state change: disconnected -> prepare (reason 'none',
sys-iface-state: 'managed')
Aug 24 18:08:23 pi5 NetworkManager[216946]: <info>  [1724540903.5400]
device (wlan0): state change: prepare -> config (reason 'none',
sys-iface-state: 'managed')
Aug 24 18:08:23 pi5 iwd[212556]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Aug 24 18:08:23 pi5 iwd[212556]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Aug 24 18:08:23 pi5 iwd[212556]: event: connect-info, ssid: deskSAE,
bss: d8:3a:dd:60:a3:0c, signal: -57, load: 0/255
Aug 24 18:08:23 pi5 iwd[212556]: event: state, old: autoconnect_full,
new: connecting
Aug 24 18:08:23 pi5 iwd[212556]: CMD_SET_CQM failed: Operation not supported
Aug 24 18:08:23 pi5 NetworkManager[216946]: <info>  [1724540903.5434]
device (wlan0): new IWD device state is connecting
Aug 24 18:08:23 pi5 iwd[212556]: event: connect-info, External Auth to
SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
Aug 24 18:08:23 pi5 kernel: ieee80211 phy0:
brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

Hi Keith,

>>
>> iwctl looks like it is trying something:
>> [iwd]# station wlan0 connect deskSAE
>> Type the network passphrase for deskSAE psk.
>> Passphrase: *********
>> [iwd]#
>>
>> but it never connects. I do notice that connman thinks it is up and
>> assigns a 169.254.x.x address
>>
>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
>> is WPA3-Personal...
>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
>> Aug 24 11:18:06 pi5 iwd[28085]:
>> src/network.c:network_generate_sae_pt() Generating PT for Group 19
>> Aug 24 11:18:06 pi5 iwd[28085]:
>> src/network.c:network_generate_sae_pt() Generating PT for Group 20
>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
>> is WPA3-Personal...
>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
>> Inserting work item 4
>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
>> Starting work item 4
>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
>> bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
>> Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
>> new: connecting
>> Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
>> Stopping periodic scan for wdev 1
>> Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
>> Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
>> configuration
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>> Unicast notification External Auth(127)
>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
>> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
>> Aug 24 11:18:06 pi5 iwd[28085]:
>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
>> notification Frame TX Status(60)
>> Aug 24 11:18:06 pi5 iwd[28085]:
>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>> Unicast notification Frame(59)
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
>> notification Frame TX Status(60)
>> Aug 24 11:18:06 pi5 iwd[28085]:
>> src/netdev.c:netdev_external_auth_sae_tx_associate()
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>> Unicast notification Frame(59)
>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
>> Failed to send External Auth: Invalid exchange(52)

You're seeing the exact broken behavior I'm seeing.  To summarize:

- IWD issues CMD_CONNECT
- Firmware/Kernel sends CMD_EXTERNAL_AUTH to iwd
- IWD performs SAE handshake using CMD_FRAME successfully
- IWD sends CMD_EXTERNAL_AUTH with a success status_code to kernel/firmware
- Kernel/Firmware rplies with error 52, Invalid Exchange.

>> Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
>> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
>> Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
>> Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
>> 169.254.242.107/16 label wlan0 family 2
>>
>>
>> Need a log of some sort or is this adequate?

No.  We need someone who can tell us how this firmware is supposed to operate. 
Perhaps Arend can help?

Regards,
-Denis

Re: [RFC PATCH v1 0/2] External Auth support

[Arend Van Spriel]

On August 26, 2024 5:43:23 PM Denis Kenzior <denkenz@gmail.com> wrote:

> Hi Keith,
>
>>>
>>> iwctl looks like it is trying something:
>>> [iwd]# station wlan0 connect deskSAE
>>> Type the network passphrase for deskSAE psk.
>>> Passphrase: *********
>>> [iwd]#
>>>
>>> but it never connects. I do notice that connman thinks it is up and
>>> assigns a 169.254.x.x address
>>>
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
>>> is WPA3-Personal...
>>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
>>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
>>> Aug 24 11:18:06 pi5 iwd[28085]:
>>> src/network.c:network_generate_sae_pt() Generating PT for Group 19
>>> Aug 24 11:18:06 pi5 iwd[28085]:
>>> src/network.c:network_generate_sae_pt() Generating PT for Group 20
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
>>> is WPA3-Personal...
>>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
>>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
>>> Inserting work item 4
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
>>> Starting work item 4
>>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
>>> bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
>>> Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
>>> new: connecting
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
>>> Stopping periodic scan for wdev 1
>>> Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
>>> Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
>>> configuration
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>>> Unicast notification External Auth(127)
>>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
>>> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
>>> Aug 24 11:18:06 pi5 iwd[28085]:
>>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
>>> notification Frame TX Status(60)
>>> Aug 24 11:18:06 pi5 iwd[28085]:
>>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>>> Unicast notification Frame(59)
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
>>> notification Frame TX Status(60)
>>> Aug 24 11:18:06 pi5 iwd[28085]:
>>> src/netdev.c:netdev_external_auth_sae_tx_associate()
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
>>> Unicast notification Frame(59)
>>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
>>> Failed to send External Auth: Invalid exchange(52)
>
> You're seeing the exact broken behavior I'm seeing.  To summarize:
>
> - IWD issues CMD_CONNECT
> - Firmware/Kernel sends CMD_EXTERNAL_AUTH to iwd
> - IWD performs SAE handshake using CMD_FRAME successfully
> - IWD sends CMD_EXTERNAL_AUTH with a success status_code to kernel/firmware
> - Kernel/Firmware rplies with error 52, Invalid Exchange.
>
>>> Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
>>> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
>>> Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
>>> Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
>>> 169.254.242.107/16 label wlan0 family 2
>>>
>>>
>>> Need a log of some sort or is this adequate?
>
> No.  We need someone who can tell us how this firmware is supposed to operate.
> Perhaps Arend can help?

Hi Denis,

Perhaps I can. I am working on porting/implementing this for upstream 
linux. I guess this is running an Infineon downstream kernel, right? If 
brcmfmac is compiled with CONFIG_BRCMDBG you can load the driver with debug 
module param, ie.:

# modprobe brcmfmac debug=0x5416

That will log some more details. Error -52 is generic code that something 
went wrong in communication with firmware. The debug level above will among 
other things show the actual firmware error code. Another interesting thing 
shown are the firmware capabilities which can also be examined through debugfs.

Regards,
Arend

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Mon, Aug 26, 2024 at 11:54 AM Arend Van Spriel
<arend.vanspriel@broadcom.com> wrote:
>
> On August 26, 2024 5:43:23 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> > Hi Keith,
> >
> >>>
> >>> iwctl looks like it is trying something:
> >>> [iwd]# station wlan0 connect deskSAE
> >>> Type the network passphrase for deskSAE psk.
> >>> Passphrase: *********
> >>> [iwd]#
> >>>
> >>> but it never connects. I do notice that connman thinks it is up and
> >>> assigns a 169.254.x.x address
> >>>
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> >>> is WPA3-Personal...
> >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> >>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> >>> Aug 24 11:18:06 pi5 iwd[28085]:
> >>> src/network.c:network_generate_sae_pt() Generating PT for Group 19
> >>> Aug 24 11:18:06 pi5 iwd[28085]:
> >>> src/network.c:network_generate_sae_pt() Generating PT for Group 20
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> >>> is WPA3-Personal...
> >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> >>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
> >>> Inserting work item 4
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
> >>> Starting work item 4
> >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
> >>> bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
> >>> Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
> >>> new: connecting
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
> >>> Stopping periodic scan for wdev 1
> >>> Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
> >>> Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
> >>> configuration
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> >>> Unicast notification External Auth(127)
> >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
> >>> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
> >>> Aug 24 11:18:06 pi5 iwd[28085]:
> >>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> >>> notification Frame TX Status(60)
> >>> Aug 24 11:18:06 pi5 iwd[28085]:
> >>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> >>> Unicast notification Frame(59)
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> >>> notification Frame TX Status(60)
> >>> Aug 24 11:18:06 pi5 iwd[28085]:
> >>> src/netdev.c:netdev_external_auth_sae_tx_associate()
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> >>> Unicast notification Frame(59)
> >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
> >>> Failed to send External Auth: Invalid exchange(52)
> >
> > You're seeing the exact broken behavior I'm seeing.  To summarize:
> >
> > - IWD issues CMD_CONNECT
> > - Firmware/Kernel sends CMD_EXTERNAL_AUTH to iwd
> > - IWD performs SAE handshake using CMD_FRAME successfully
> > - IWD sends CMD_EXTERNAL_AUTH with a success status_code to kernel/firmware
> > - Kernel/Firmware rplies with error 52, Invalid Exchange.
> >
> >>> Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
> >>> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
> >>> Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
> >>> Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
> >>> 169.254.242.107/16 label wlan0 family 2
> >>>
> >>>
> >>> Need a log of some sort or is this adequate?
> >
> > No.  We need someone who can tell us how this firmware is supposed to operate.
> > Perhaps Arend can help?
>
> Hi Denis,
>
> Perhaps I can. I am working on porting/implementing this for upstream
> linux. I guess this is running an Infineon downstream kernel, right? If
> brcmfmac is compiled with CONFIG_BRCMDBG you can load the driver with debug
> module param, ie.:
>
> # modprobe brcmfmac debug=0x5416
>
> That will log some more details. Error -52 is generic code that something
> went wrong in communication with firmware. The debug level above will among
> other things show the actual firmware error code. Another interesting thing
> shown are the firmware capabilities which can also be examined through debugfs.
>
> Regards,
> Arend
>
>

It appears that this is do-able on the 64 bit RPiOS installed on my Pi5:

I loaded the debug parameters and used the latest iwd 2.20 with the 2
SAE patches applied and now get this:
first with iwd running:
root@pi5(rw):~# nmcli dev wifi list
IN-USE  BSSID              SSID        MODE   CHAN  RATE       SIGNAL
BARS  SECURITY
        00:01:02:00:00:03  deskSAE     Infra  2     65 Mbit/s  79
▂▄▆_  WPA2
root@pi5(rw):~# nmcli --ask dev wifi connect deskSAE
Password: •••••••••
Error: Timeout 90 sec expired.

log with iwd:
Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8140]
device (wlan0): Activation: starting connection 'deskSAE'
(306466e3-8c0c-4925-920f-3d5d1d24189f)
Sep 02 13:56:18 pi5 NetworkManager[37130]: <error> [1725303378.8160]
audit: failed to open auditd socket: Protocol not supported
Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8161]
audit: op="connection-add-activate"
uuid="306466e3-8c0c-4925-920f-3d5d1d24189f" name="deskSAE" pid=37812
uid=0 result="success"
Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8167]
device (wlan0): state change: disconnected -> prepare (reason 'none',
sys-iface-state: 'managed')
Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8170]
device (wlan0): state change: prepare -> config (reason 'none',
sys-iface-state: 'managed')
Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, FullMAC driver:
brcmfmac using SAE.  Expect EXTERNAL_AUTH
Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, ssid: deskSAE,
bss: d8:3a:dd:60:a3:0c, signal: -55, load: 0/255
Sep 02 13:56:18 pi5 iwd[37306]: event: state, old: autoconnect_full,
new: connecting
Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8201]
device (wlan0): new IWD device state is connecting
Sep 02 13:56:18 pi5 iwd[37306]: CMD_SET_CQM failed: Operation not supported
Sep 02 13:56:18 pi5 kernel: brcmfmac: _brcmf_set_multicast_list Enter,
bsscfgidx=0
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=mcast_list, len=16
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 02 00 00 00 33 33 00 00 00 01 01
00 5e 00 00 01  ....33......^...
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 43 expected 43
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=allmulti, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=wpaie, len=22
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 30 14 01 00 00 0f ac 04 01 00 00
0f ac 04 01 00  0...............
Sep 02 13:56:18 pi5 kernel: 00000010: 00 0f ac 08 80 00
                ......
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 44 expected 44
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_vif_set_mgmt_ie bsscfgidx
0, pktflag : 0x20
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
cmd=10, value=0
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Applied
Vndr IEs for Assoc request
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect ie
(00000000da8c1efd), ie_len (34)
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 20 expected 20
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=arp_ol, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 09 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 27 expected 27
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=auth, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 03 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 25 expected 25
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wsec, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 04 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 25 expected 25
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_get
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4, err=0
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=mfp, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 24 expected 24
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=arpoe, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 26 expected 26
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_configure_arp_nd_offload
successfully configured (1) ARP offload to 0x9
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
cmd=205, value=0
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 20 expected 20
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=join_pref, len=8
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 04 02 08 01 01 02 00 00
                ........
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 34 expected 34
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=ndoe, len=4
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 25 expected 25
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_configure_arp_nd_offload
successfully configured (1) ND offload to 0x9
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=join, len=70
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 07 00 00 00 64 65 73 6b 53 41 45
00 00 00 00 00  ....deskSAE.....
Sep 02 13:56:18 pi5 kernel: 00000010: 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00  ................
Sep 02 13:56:18 pi5 kernel: 00000020: 00 00 00 00 ff 00 00 00 10 00 00
00 40 01 00 00  ............@...
Sep 02 13:56:18 pi5 kernel: 00000030: 90 01 00 00 ff ff ff ff d8 3a dd
60 a3 0c 00 00  .........:.`....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 91 expected 91
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Exit
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, External Auth to
SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=00000000fdc96f1d
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
EXT_AUTH_REQ (187) ifidx 0 bsscfg 0 addr a4:c8:5c:11:2f:b9
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 0 status 0 reason 0
Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=60
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 d8 3a dd 60 a3 0c 07 00 00
00 64 65 73 6b  ...:.`......desk
Sep 02 13:56:18 pi5 kernel: 00000010: 53 41 45 00 00 00 00 00 00 00 00
00 24 00 00 00  SAE.........$...
Sep 02 13:56:18 pi5 kernel: 00000020: 00 00 00 00 00 00 00 00 e0 86 19
00 7a 35 18 00  ............z5..
Sep 02 13:56:18 pi5 kernel: 00000030: e0 86 19 00 7a 35 18 00 03 00 00
00              ....z5......
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_ext_auth_request
Enter: event EXT_AUTH_REQ (187) received
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 20 expected 20
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_get ifidx=0,
cmd=29, value=1
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx Auth
frame, cookie=0, fc=00b0, len=104, channel=12626
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=mgmt_frame, len=136
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00 a0 0f 00 00 68 00 b0
00 52 31 d8 3a  ........h...R1.:
Sep 02 13:56:18 pi5 kernel: 00000010: dd 60 a3 0c d8 3a dd 60 a3 0c 00
00 00 00 00 00  .`...:.`........
Sep 02 13:56:18 pi5 kernel: 00000020: 03 00 01 00 00 00 13 00 8c 8c d6
84 5b 94 b5 0e  ............[...
Sep 02 13:56:18 pi5 kernel: 00000030: 51 2b 0d 9d a0 78 14 bb 93 25 de
7e c3 69 32 0e  Q+...x...%.~.i2.
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 163 expected 163
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=00000000cc427a80
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
MGMT_FRAME_TXSTATUS (189) ifidx 0 bsscfg 0 addr a1:e5:f5:86:a2:ba
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 0 status 0 reason 0
Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=4
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00
                ....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_mgmt_tx_status
Enter: event MGMT_FRAME_TXSTATUS (189), status=0
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx TX Auth
frame operation is success
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=00000000cc427a80
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
EXT_AUTH_FRAME_RX (188) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 0 status 0 reason 0
Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=144
Sep 02 13:56:18 pi5 kernel: 00000000: 00 01 10 01 ff ff ff c9 00 01 46
35 00 01 00 02  ..........F5....
Sep 02 13:56:18 pi5 kernel: 00000010: b0 00 3a 01 d8 3a dd d2 ae 3c d8
3a dd 60 a3 0c  ..:..:...<.:.`..
Sep 02 13:56:18 pi5 kernel: 00000020: d8 3a dd 60 a3 0c 20 88 03 00 01
00 00 00 13 00  .:.`.. .........
Sep 02 13:56:18 pi5 kernel: 00000030: d1 ae 95 46 66 ea 04 6f 59 0a 2c
5e d4 e9 d6 2e  ...Ff..oY.,^....
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_auth_frame_rx
Enter: event EXT_AUTH_FRAME_RX (188) received
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 22 expected 22
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_data Firmware
error: BCME_NOTASSOCIATED (-17)
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_data_get ifidx=0,
cmd=23, len=6, err=-52
Sep 02 13:56:18 pi5 kernel: brcmutil: data
Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00 00 00
                ......
Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
Sep 02 13:57:48 pi5 polkitd[551]: Unregistered Authentication Agent
for unix-process:37812:208342 (system bus name :1.1193, object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
(disconnected from bus)

Now trial with wpa_supplicant:
root@pi5(rw):~# nmcli --ask dev wifi connect deskSAE
Password: •••••••••
Device 'wlan0' successfully activated with
'87cd00bc-9664-4827-8a00-d98bcb7b9877'.

Log with wpa_supplicant and a connect:
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_cfg80211_escan_handler
ESCAN Partial result
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=0000000039214d1f
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
ESCAN_RESULT (69) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 0 status 8 reason 0
Sep 02 14:08:10 pi5 kernel: brcmutil: event payload, len=208
Sep 02 14:08:10 pi5 kernel: 00000000: d0 00 00 00 6d 00 00 00 34 12 01
00 6d 00 00 00  ....m...4...m...
Sep 02 14:08:10 pi5 kernel: 00000010: c4 00 00 00 d8 3a dd 60 a3 0c 64
00 11 04 07 64  .....:.`..d....d
Sep 02 14:08:10 pi5 kernel: 00000020: 65 73 6b 53 41 45 00 00 00 00 00
00 00 00 00 00  eskSAE..........
Sep 02 14:08:10 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00  ................
Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_cfg80211_escan_handler
ESCAN Partial result
...
this was what I think was the snippet where it connected with the SSID
after NetworkManager was restarted:

Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: Trying to associate
with SSID 'deskSAE'
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=wpaie, len=44
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 30 2a 01 00 00 0f ac 04 01 00 00
0f ac 04 01 00  0*..............
Sep 02 14:17:14 pi5 kernel: 00000010: 00 0f ac 08 c0 00 01 00 c9 b9 cd
8f 08 b5 a5 a0  ................
Sep 02 14:17:14 pi5 kernel: 00000020: b2 c0 3a f3 1e ef d4 12 00 0f ac
06              ..:.........
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 66 expected 66
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_vif_set_mgmt_ie bsscfgidx
0, pktflag : 0x20
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Applied
Vndr IEs for Assoc request
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect ie
(00000000c11a8d64), ie_len (79)
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=auth, len=4
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 00 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 25 expected 25
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wsec, len=4
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 04 00 00 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 25 expected 25
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_get
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=mfp, len=4
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 02 00 00 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 24 expected 24
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
                ....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 29 expected 29
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
cmd=205, value=0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 20 expected 20
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
ifidx=0, name=join_pref, len=8
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 04 02 08 01 01 02 00 00
                ........
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 34 expected 34
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
ifidx=0, bsscfgidx=0, name=join, len=70
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 07 00 00 00 64 65 73 6b 53 41 45
00 00 00 00 00  ....deskSAE.....
Sep 02 14:17:14 pi5 kernel: 00000010: 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00  ................
Sep 02 14:17:14 pi5 kernel: 00000020: 00 00 00 00 ff 00 00 00 10 00 00
00 40 01 00 00  ............@...
Sep 02 14:17:14 pi5 kernel: 00000030: 90 01 00 00 ff ff ff ff d8 3a dd
60 a3 0c 00 00  .........:.`....
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 91 expected 91
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Exit
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.0622]
device (wlan0): supplicant interface state: scanning -> associating
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.0622]
device (p2p-dev-wlan0): supplicant management interface state:
scanning -> associating
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=0000000062bff4bd
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
LINK (16) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 1 status 0 reason 0
Sep 02 14:17:14 pi5 kernel: brcmutil: event payload, len=22
Sep 02 14:17:14 pi5 kernel: 00000000: 30 14 01 00 00 0f ac 04 01 00 00
0f ac 04 01 00  0...............
Sep 02 14:17:14 pi5 kernel: 00000010: 00 0f ac 08 c0 00
                ......
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
mmc1:0001:1: rxp=00000000aafdfb7d
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
SET_SSID (0) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
version 2 flags 0 status 0 reason 0
Sep 02 14:17:14 pi5 kernel: brcmutil: event payload, len=7
Sep 02 14:17:14 pi5 kernel: 00000000: 64 65 73 6b 53 41 45
                deskSAE
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_bss_connect_done Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: Associated with
d8:3a:dd:60:a3:0c
Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 539 expected 539
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
ifidx=0, name=assoc_info, len=512, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 66 00 00 00 20 00 00 00 00 00 00
00 31 04 0a 00  f... .......1...
Sep 02 14:17:14 pi5 kernel: 00000010: 00 00 00 cc 00 00 11 04 00 00 01
c0 0c 64 00 11  .............d..
Sep 02 14:17:14 pi5 kernel: 00000020: 04 07 64 65 73 6b 53 41 45 00 00
00 00 00 00 00  ..deskSAE.......
Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00  ................
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 542 expected 542
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
ifidx=0, name=assoc_req_ies, len=512, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 00 07 64 65 73 6b 53 41 45 01 08
82 84 8b 96 24  ..deskSAE......$
Sep 02 14:17:14 pi5 kernel: 00000010: 30 48 6c 32 04 0c 12 18 60 21 02
03 14 24 02 01  0Hl2....`!...$..
Sep 02 14:17:14 pi5 kernel: 00000020: 0b 30 2a 01 00 00 0f ac 04 01 00
00 0f ac 04 01  .0*.............
Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 0f ac 08 c0 00 01 00 c9 b9
cd 8f 08 b5 a5  ................
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 543 expected 543
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
ifidx=0, name=assoc_resp_ies, len=512, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 01 08 82 84 8b 96 0c 12 18 24 32
04 30 48 60 6c  .........$2.0H`l
Sep 02 14:17:14 pi5 kernel: 00000010: 7f 08 04 00 00 00 00 00 00 40 82
84 8b 96 24 30  .........@....$0
Sep 02 14:17:14 pi5 kernel: 00000020: 48 6c 32 04 0c 12 18 60 21 02 03
14 24 02 01 0b  Hl2....`!...$...
Sep 02 14:17:14 pi5 kernel: 00000030: 30 2a 01 00 00 0f ac 04 01 00 00
0f ac 04 01 00  0*..............
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 43 expected 43
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
ifidx=0, name=wme_ac_sta, len=16, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: 03 a4 00 00 27 a4 00 00 42 43 5e
00 62 32 2f 00  ....'...BC^.b2/.
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_update_bss_info Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
rxctl frame, got 2064 expected 2064
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_cmd_data_get ifidx=0,
cmd=136, len=2048, err=0
Sep 02 14:17:14 pi5 kernel: brcmutil: data
Sep 02 14:17:14 pi5 kernel: 00000000: cd 00 00 00 6d 00 00 00 cc 00 00
00 d8 3a dd 60  ....m........:.`
Sep 02 14:17:14 pi5 kernel: 00000010: a3 0c 64 00 11 04 07 64 65 73 6b
53 41 45 00 00  ..d....deskSAE..
Sep 02 14:17:14 pi5 kernel: 00000020: 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00  ................
Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 0c 00 00
00 82 84 8b 0c  ................
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_update_bss_info Exit
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_bss_connect_done Exit
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_net_setcarrier Enter,
bsscfgidx=0 carrier=1
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_txflowblock_if enter:
bsscfgidx=0 stop=0x4 reason=4 state=0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txdata Enter:
pkt: data 00000000e74f6ccc len 161
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txdata deferring pktq len 0
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_sendfromq Enter
Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_txpkt Enter
Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: WPA: Key negotiation
completed with d8:3a:dd:60:a3:0c [PTK=CCMP GTK=CCMP]
Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: CTRL-EVENT-CONNECTED
- Connection to d8:3a:dd:60:a3:0c completed [id=0 id_str=]
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2164]
device (wlan0): supplicant interface state: associating -> completed
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2165]
device (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure)
successful. Connected to wireless network "deskSAE"
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2166]
device (p2p-dev-wlan0): supplicant management interface state:
associating -> completed
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2167]
device (wlan0): state change: config -> ip-config (reason 'none',
sys-iface-state: 'managed')
Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2170]
dhcp4 (wlan0): activation: beginning transaction (timeout in 45
seconds)

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Mon, Sep 2, 2024 at 2:32 PM KeithG <ys3al35l@gmail.com> wrote:
>
> On Mon, Aug 26, 2024 at 11:54 AM Arend Van Spriel
> <arend.vanspriel@broadcom.com> wrote:
> >
> > On August 26, 2024 5:43:23 PM Denis Kenzior <denkenz@gmail.com> wrote:
> >
> > > Hi Keith,
> > >
> > >>>
> > >>> iwctl looks like it is trying something:
> > >>> [iwd]# station wlan0 connect deskSAE
> > >>> Type the network passphrase for deskSAE psk.
> > >>> Passphrase: *********
> > >>> [iwd]#
> > >>>
> > >>> but it never connects. I do notice that connman thinks it is up and
> > >>> assigns a 169.254.x.x address
> > >>>
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> > >>> is WPA3-Personal...
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> > >>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> > >>> Aug 24 11:18:06 pi5 iwd[28085]:
> > >>> src/network.c:network_generate_sae_pt() Generating PT for Group 19
> > >>> Aug 24 11:18:06 pi5 iwd[28085]:
> > >>> src/network.c:network_generate_sae_pt() Generating PT for Group 20
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_select_akm() Network
> > >>> is WPA3-Personal...
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, FullMAC driver:
> > >>> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_cqm_rssi_update()
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_insert()
> > >>> Inserting work item 4
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/wiphy.c:wiphy_radio_work_next()
> > >>> Starting work item 4
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, ssid: deskSAE,
> > >>> bss: d8:3a:dd:60:a3:0c, signal: -63, load: 0/255
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: event: state, old: autoconnect_full,
> > >>> new: connecting
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/scan.c:scan_periodic_stop()
> > >>> Stopping periodic scan for wdev 1
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: CMD_SET_CQM failed: Operation not supported
> > >>> Aug 24 11:18:06 pi5 connmand[635]: Interface wlan0 [ wifi ] state is
> > >>> configuration
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> > >>> Unicast notification External Auth(127)
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: event: connect-info, External Auth to
> > >>> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
> > >>> Aug 24 11:18:06 pi5 iwd[28085]:
> > >>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> > >>> notification Frame TX Status(60)
> > >>> Aug 24 11:18:06 pi5 iwd[28085]:
> > >>> src/netdev.c:netdev_external_auth_sae_tx_authenticate()
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> > >>> Unicast notification Frame(59)
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_mlme_notify() MLME
> > >>> notification Frame TX Status(60)
> > >>> Aug 24 11:18:06 pi5 iwd[28085]:
> > >>> src/netdev.c:netdev_external_auth_sae_tx_associate()
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_unicast_notify()
> > >>> Unicast notification Frame(59)
> > >>> Aug 24 11:18:06 pi5 iwd[28085]: src/netdev.c:netdev_external_auth_cb()
> > >>> Failed to send External Auth: Invalid exchange(52)
> > >
> > > You're seeing the exact broken behavior I'm seeing.  To summarize:
> > >
> > > - IWD issues CMD_CONNECT
> > > - Firmware/Kernel sends CMD_EXTERNAL_AUTH to iwd
> > > - IWD performs SAE handshake using CMD_FRAME successfully
> > > - IWD sends CMD_EXTERNAL_AUTH with a success status_code to kernel/firmware
> > > - Kernel/Firmware rplies with error 52, Invalid Exchange.
> > >
> > >>> Aug 24 11:18:06 pi5 kernel: ieee80211 phy0:
> > >>> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
> > >>> Aug 24 11:18:46 pi5 connmand[635]: Interface wlan0 [ wifi ] state is ready
> > >>> Aug 24 11:18:46 pi5 connmand[635]: wlan0 {add} address
> > >>> 169.254.242.107/16 label wlan0 family 2
> > >>>
> > >>>
> > >>> Need a log of some sort or is this adequate?
> > >
> > > No.  We need someone who can tell us how this firmware is supposed to operate.
> > > Perhaps Arend can help?
> >
> > Hi Denis,
> >
> > Perhaps I can. I am working on porting/implementing this for upstream
> > linux. I guess this is running an Infineon downstream kernel, right? If
> > brcmfmac is compiled with CONFIG_BRCMDBG you can load the driver with debug
> > module param, ie.:
> >
> > # modprobe brcmfmac debug=0x5416
> >
> > That will log some more details. Error -52 is generic code that something
> > went wrong in communication with firmware. The debug level above will among
> > other things show the actual firmware error code. Another interesting thing
> > shown are the firmware capabilities which can also be examined through debugfs.
> >
> > Regards,
> > Arend
> >
> >
>
> It appears that this is do-able on the 64 bit RPiOS installed on my Pi5:
>
> I loaded the debug parameters and used the latest iwd 2.20 with the 2
> SAE patches applied and now get this:
> first with iwd running:
> root@pi5(rw):~# nmcli dev wifi list
> IN-USE  BSSID              SSID        MODE   CHAN  RATE       SIGNAL
> BARS  SECURITY
>         00:01:02:00:00:03  deskSAE     Infra  2     65 Mbit/s  79
> ▂▄▆_  WPA2
> root@pi5(rw):~# nmcli --ask dev wifi connect deskSAE
> Password: •••••••••
> Error: Timeout 90 sec expired.
>
> log with iwd:
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8140]
> device (wlan0): Activation: starting connection 'deskSAE'
> (306466e3-8c0c-4925-920f-3d5d1d24189f)
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <error> [1725303378.8160]
> audit: failed to open auditd socket: Protocol not supported
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8161]
> audit: op="connection-add-activate"
> uuid="306466e3-8c0c-4925-920f-3d5d1d24189f" name="deskSAE" pid=37812
> uid=0 result="success"
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8167]
> device (wlan0): state change: disconnected -> prepare (reason 'none',
> sys-iface-state: 'managed')
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8170]
> device (wlan0): state change: prepare -> config (reason 'none',
> sys-iface-state: 'managed')
> Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, FullMAC driver:
> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, FullMAC driver:
> brcmfmac using SAE.  Expect EXTERNAL_AUTH
> Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, ssid: deskSAE,
> bss: d8:3a:dd:60:a3:0c, signal: -55, load: 0/255
> Sep 02 13:56:18 pi5 iwd[37306]: event: state, old: autoconnect_full,
> new: connecting
> Sep 02 13:56:18 pi5 NetworkManager[37130]: <info>  [1725303378.8201]
> device (wlan0): new IWD device state is connecting
> Sep 02 13:56:18 pi5 iwd[37306]: CMD_SET_CQM failed: Operation not supported
> Sep 02 13:56:18 pi5 kernel: brcmfmac: _brcmf_set_multicast_list Enter,
> bsscfgidx=0
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=mcast_list, len=16
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 02 00 00 00 33 33 00 00 00 01 01
> 00 5e 00 00 01  ....33......^...
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 43 expected 43
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=allmulti, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=wpaie, len=22
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 30 14 01 00 00 0f ac 04 01 00 00
> 0f ac 04 01 00  0...............
> Sep 02 13:56:18 pi5 kernel: 00000010: 00 0f ac 08 80 00
>                 ......
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 44 expected 44
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_vif_set_mgmt_ie bsscfgidx
> 0, pktflag : 0x20
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
> cmd=10, value=0
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Applied
> Vndr IEs for Assoc request
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect ie
> (00000000da8c1efd), ie_len (34)
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 20 expected 20
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=arp_ol, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 09 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 27 expected 27
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=auth, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 03 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 25 expected 25
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wsec, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 04 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 25 expected 25
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_get
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4, err=0
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=mfp, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 24 expected 24
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=arpoe, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 26 expected 26
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_configure_arp_nd_offload
> successfully configured (1) ARP offload to 0x9
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
> cmd=205, value=0
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 20 expected 20
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=join_pref, len=8
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 04 02 08 01 01 02 00 00
>                 ........
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 34 expected 34
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=ndoe, len=4
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 01 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 25 expected 25
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_configure_arp_nd_offload
> successfully configured (1) ND offload to 0x9
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=join, len=70
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 07 00 00 00 64 65 73 6b 53 41 45
> 00 00 00 00 00  ....deskSAE.....
> Sep 02 13:56:18 pi5 kernel: 00000010: 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00  ................
> Sep 02 13:56:18 pi5 kernel: 00000020: 00 00 00 00 ff 00 00 00 10 00 00
> 00 40 01 00 00  ............@...
> Sep 02 13:56:18 pi5 kernel: 00000030: 90 01 00 00 ff ff ff ff d8 3a dd
> 60 a3 0c 00 00  .........:.`....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 91 expected 91
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Exit
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
> Sep 02 13:56:18 pi5 iwd[37306]: event: connect-info, External Auth to
> SSID: deskSAE, bssid: d8:3a:dd:60:a3:0c
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=00000000fdc96f1d
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> EXT_AUTH_REQ (187) ifidx 0 bsscfg 0 addr a4:c8:5c:11:2f:b9
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 0 status 0 reason 0
> Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=60
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 d8 3a dd 60 a3 0c 07 00 00
> 00 64 65 73 6b  ...:.`......desk
> Sep 02 13:56:18 pi5 kernel: 00000010: 53 41 45 00 00 00 00 00 00 00 00
> 00 24 00 00 00  SAE.........$...
> Sep 02 13:56:18 pi5 kernel: 00000020: 00 00 00 00 00 00 00 00 e0 86 19
> 00 7a 35 18 00  ............z5..
> Sep 02 13:56:18 pi5 kernel: 00000030: e0 86 19 00 7a 35 18 00 03 00 00
> 00              ....z5......
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_ext_auth_request
> Enter: event EXT_AUTH_REQ (187) received
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 20 expected 20
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_get ifidx=0,
> cmd=29, value=1
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx Auth
> frame, cookie=0, fc=00b0, len=104, channel=12626
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=mgmt_frame, len=136
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00 a0 0f 00 00 68 00 b0
> 00 52 31 d8 3a  ........h...R1.:
> Sep 02 13:56:18 pi5 kernel: 00000010: dd 60 a3 0c d8 3a dd 60 a3 0c 00
> 00 00 00 00 00  .`...:.`........
> Sep 02 13:56:18 pi5 kernel: 00000020: 03 00 01 00 00 00 13 00 8c 8c d6
> 84 5b 94 b5 0e  ............[...
> Sep 02 13:56:18 pi5 kernel: 00000030: 51 2b 0d 9d a0 78 14 bb 93 25 de
> 7e c3 69 32 0e  Q+...x...%.~.i2.
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 163 expected 163
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=00000000cc427a80
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> MGMT_FRAME_TXSTATUS (189) ifidx 0 bsscfg 0 addr a1:e5:f5:86:a2:ba
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 0 status 0 reason 0
> Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=4
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00
>                 ....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_mgmt_tx_status
> Enter: event MGMT_FRAME_TXSTATUS (189), status=0
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_cfg80211_mgmt_tx TX Auth
> frame operation is success
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=00000000cc427a80
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> EXT_AUTH_FRAME_RX (188) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 0 status 0 reason 0
> Sep 02 13:56:18 pi5 kernel: brcmutil: event payload, len=144
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 01 10 01 ff ff ff c9 00 01 46
> 35 00 01 00 02  ..........F5....
> Sep 02 13:56:18 pi5 kernel: 00000010: b0 00 3a 01 d8 3a dd d2 ae 3c d8
> 3a dd 60 a3 0c  ..:..:...<.:.`..
> Sep 02 13:56:18 pi5 kernel: 00000020: d8 3a dd 60 a3 0c 20 88 03 00 01
> 00 00 00 13 00  .:.`.. .........
> Sep 02 13:56:18 pi5 kernel: 00000030: d1 ae 95 46 66 ea 04 6f 59 0a 2c
> 5e d4 e9 d6 2e  ...Ff..oY.,^....
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_notify_auth_frame_rx
> Enter: event EXT_AUTH_FRAME_RX (188) received
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 22 expected 22
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_data Firmware
> error: BCME_NOTASSOCIATED (-17)
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_fil_cmd_data_get ifidx=0,
> cmd=23, len=6, err=-52
> Sep 02 13:56:18 pi5 kernel: brcmutil: data
> Sep 02 13:56:18 pi5 kernel: 00000000: 00 00 00 00 00 00
>                 ......
> Sep 02 13:56:18 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
> Sep 02 13:57:48 pi5 polkitd[551]: Unregistered Authentication Agent
> for unix-process:37812:208342 (system bus name :1.1193, object path
> /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
> (disconnected from bus)
>
> Now trial with wpa_supplicant:
> root@pi5(rw):~# nmcli --ask dev wifi connect deskSAE
> Password: •••••••••
> Device 'wlan0' successfully activated with
> '87cd00bc-9664-4827-8a00-d98bcb7b9877'.
>
> Log with wpa_supplicant and a connect:
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_cfg80211_escan_handler
> ESCAN Partial result
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=0000000039214d1f
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> ESCAN_RESULT (69) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 0 status 8 reason 0
> Sep 02 14:08:10 pi5 kernel: brcmutil: event payload, len=208
> Sep 02 14:08:10 pi5 kernel: 00000000: d0 00 00 00 6d 00 00 00 34 12 01
> 00 6d 00 00 00  ....m...4...m...
> Sep 02 14:08:10 pi5 kernel: 00000010: c4 00 00 00 d8 3a dd 60 a3 0c 64
> 00 11 04 07 64  .....:.`..d....d
> Sep 02 14:08:10 pi5 kernel: 00000020: 65 73 6b 53 41 45 00 00 00 00 00
> 00 00 00 00 00  eskSAE..........
> Sep 02 14:08:10 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00  ................
> Sep 02 14:08:10 pi5 kernel: brcmfmac: brcmf_cfg80211_escan_handler
> ESCAN Partial result
> ...
> this was what I think was the snippet where it connected with the SSID
> after NetworkManager was restarted:
>
> Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: Trying to associate
> with SSID 'deskSAE'
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=wpaie, len=44
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 30 2a 01 00 00 0f ac 04 01 00 00
> 0f ac 04 01 00  0*..............
> Sep 02 14:17:14 pi5 kernel: 00000010: 00 0f ac 08 c0 00 01 00 c9 b9 cd
> 8f 08 b5 a5 a0  ................
> Sep 02 14:17:14 pi5 kernel: 00000020: b2 c0 3a f3 1e ef d4 12 00 0f ac
> 06              ..:.........
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 66 expected 66
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_vif_set_mgmt_ie bsscfgidx
> 0, pktflag : 0x20
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Applied
> Vndr IEs for Assoc request
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect ie
> (00000000c11a8d64), ie_len (79)
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=auth, len=4
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 00 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 25 expected 25
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wsec, len=4
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 04 00 00 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 25 expected 25
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_get
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=mfp, len=4
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 02 00 00 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 24 expected 24
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=wpa_auth, len=4
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 00 00 04 00
>                 ....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 29 expected 29
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_cmd_int_set ifidx=0,
> cmd=205, value=0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 20 expected 20
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_set
> ifidx=0, name=join_pref, len=8
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 04 02 08 01 01 02 00 00
>                 ........
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 34 expected 34
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_bsscfg_data_set
> ifidx=0, bsscfgidx=0, name=join, len=70
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 07 00 00 00 64 65 73 6b 53 41 45
> 00 00 00 00 00  ....deskSAE.....
> Sep 02 14:17:14 pi5 kernel: 00000010: 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00  ................
> Sep 02 14:17:14 pi5 kernel: 00000020: 00 00 00 00 ff 00 00 00 10 00 00
> 00 40 01 00 00  ............@...
> Sep 02 14:17:14 pi5 kernel: 00000030: 90 01 00 00 ff ff ff ff d8 3a dd
> 60 a3 0c 00 00  .........:.`....
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 91 expected 91
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_cfg80211_connect Exit
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.0622]
> device (wlan0): supplicant interface state: scanning -> associating
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.0622]
> device (p2p-dev-wlan0): supplicant management interface state:
> scanning -> associating
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=0000000062bff4bd
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> LINK (16) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 1 status 0 reason 0
> Sep 02 14:17:14 pi5 kernel: brcmutil: event payload, len=22
> Sep 02 14:17:14 pi5 kernel: 00000000: 30 14 01 00 00 0f ac 04 01 00 00
> 0f ac 04 01 00  0...............
> Sep 02 14:17:14 pi5 kernel: 00000010: 00 0f ac 08 c0 00
>                 ......
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_kso_control Enter: on=1
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_rx_event Enter:
> mmc1:0001:1: rxp=00000000aafdfb7d
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker event
> SET_SSID (0) ifidx 0 bsscfg 0 addr d8:3a:dd:60:a3:0c
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fweh_event_worker
> version 2 flags 0 status 0 reason 0
> Sep 02 14:17:14 pi5 kernel: brcmutil: event payload, len=7
> Sep 02 14:17:14 pi5 kernel: 00000000: 64 65 73 6b 53 41 45
>                 deskSAE
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_bss_connect_done Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: Associated with
> d8:3a:dd:60:a3:0c
> Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0:
> CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 539 expected 539
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
> ifidx=0, name=assoc_info, len=512, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 66 00 00 00 20 00 00 00 00 00 00
> 00 31 04 0a 00  f... .......1...
> Sep 02 14:17:14 pi5 kernel: 00000010: 00 00 00 cc 00 00 11 04 00 00 01
> c0 0c 64 00 11  .............d..
> Sep 02 14:17:14 pi5 kernel: 00000020: 04 07 64 65 73 6b 53 41 45 00 00
> 00 00 00 00 00  ..deskSAE.......
> Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00  ................
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 542 expected 542
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
> ifidx=0, name=assoc_req_ies, len=512, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 00 07 64 65 73 6b 53 41 45 01 08
> 82 84 8b 96 24  ..deskSAE......$
> Sep 02 14:17:14 pi5 kernel: 00000010: 30 48 6c 32 04 0c 12 18 60 21 02
> 03 14 24 02 01  0Hl2....`!...$..
> Sep 02 14:17:14 pi5 kernel: 00000020: 0b 30 2a 01 00 00 0f ac 04 01 00
> 00 0f ac 04 01  .0*.............
> Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 0f ac 08 c0 00 01 00 c9 b9
> cd 8f 08 b5 a5  ................
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 543 expected 543
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
> ifidx=0, name=assoc_resp_ies, len=512, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 01 08 82 84 8b 96 0c 12 18 24 32
> 04 30 48 60 6c  .........$2.0H`l
> Sep 02 14:17:14 pi5 kernel: 00000010: 7f 08 04 00 00 00 00 00 00 40 82
> 84 8b 96 24 30  .........@....$0
> Sep 02 14:17:14 pi5 kernel: 00000020: 48 6c 32 04 0c 12 18 60 21 02 03
> 14 24 02 01 0b  Hl2....`!...$...
> Sep 02 14:17:14 pi5 kernel: 00000030: 30 2a 01 00 00 0f ac 04 01 00 00
> 0f ac 04 01 00  0*..............
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 43 expected 43
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_iovar_data_get
> ifidx=0, name=wme_ac_sta, len=16, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: 03 a4 00 00 27 a4 00 00 42 43 5e
> 00 62 32 2f 00  ....'...BC^.b2/.
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_update_bss_info Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_isr Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed on
> rxctl frame, got 2064 expected 2064
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_fil_cmd_data_get ifidx=0,
> cmd=136, len=2048, err=0
> Sep 02 14:17:14 pi5 kernel: brcmutil: data
> Sep 02 14:17:14 pi5 kernel: 00000000: cd 00 00 00 6d 00 00 00 cc 00 00
> 00 d8 3a dd 60  ....m........:.`
> Sep 02 14:17:14 pi5 kernel: 00000010: a3 0c 64 00 11 04 07 64 65 73 6b
> 53 41 45 00 00  ..d....deskSAE..
> Sep 02 14:17:14 pi5 kernel: 00000020: 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00  ................
> Sep 02 14:17:14 pi5 kernel: 00000030: 00 00 00 00 00 00 00 00 0c 00 00
> 00 82 84 8b 0c  ................
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_update_bss_info Exit
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_bss_connect_done Exit
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_net_setcarrier Enter,
> bsscfgidx=0 carrier=1
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_txflowblock_if enter:
> bsscfgidx=0 stop=0x4 reason=4 state=0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txdata Enter:
> pkt: data 00000000e74f6ccc len 161
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_bus_txdata deferring pktq len 0
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_sendfromq Enter
> Sep 02 14:17:14 pi5 kernel: brcmfmac: brcmf_sdio_txpkt Enter
> Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: WPA: Key negotiation
> completed with d8:3a:dd:60:a3:0c [PTK=CCMP GTK=CCMP]
> Sep 02 14:17:14 pi5 wpa_supplicant[43594]: wlan0: CTRL-EVENT-CONNECTED
> - Connection to d8:3a:dd:60:a3:0c completed [id=0 id_str=]
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2164]
> device (wlan0): supplicant interface state: associating -> completed
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2165]
> device (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure)
> successful. Connected to wireless network "deskSAE"
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2166]
> device (p2p-dev-wlan0): supplicant management interface state:
> associating -> completed
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2167]
> device (wlan0): state change: config -> ip-config (reason 'none',
> sys-iface-state: 'managed')
> Sep 02 14:17:14 pi5 NetworkManager[57939]: <info>  [1725304634.2170]
> dhcp4 (wlan0): activation: beginning transaction (timeout in 45
> seconds)

Is more needed? I can collect whatever logs are needed.

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[Yuxuan Shui]

Hi,


On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> This series implements External Auth support on Full MAC cards that do
> not support SAE offload.  I have not been able to test this fully since
> the brcmfmac firmware on the RPi 5 does not actually work properly.
> Maybe some enterprising person can test it on a firmware that does work?
>
> Denis Kenzior (2):
>   netdev: external auth support
>   sae: Allow ability to force Group 19 / Hunt and Peck
>
>  src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
>  src/nl80211util.c |   4 +-
>  src/sae.c         |  20 ++++
>  src/sae.h         |   3 +
>  src/wiphy.c       |  19 ++--
>  5 files changed, 263 insertions(+), 41 deletions(-)
>
> --
> 2.45.2
>

I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
as well. However I managed to get some debug information from brcmfmac when
running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
well, which it reports as an authentication timeout. But if I ask it to try
again, it will connect successfully, and there is no external auth related log
the second time around.

So I suspect this is a firmware bug, but it should be relatively easy to
workaround I think? Basically we also add a timeout and retry.

BTW, with the current version of this patch, if I ask iwd to disconnect after
getting the -52 error, iwd segfaults.

Regards,
Yuxuan Shui

Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

Hi Yuxuan Shui,

> 
> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> as well. However I managed to get some debug information from brcmfmac when
> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> well, which it reports as an authentication timeout. But if I ask it to try
> again, it will connect successfully, and there is no external auth related log
> the second time around.

Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even 
though the initial connection using external auth fails.  I've only seen 2.10 do 
this, not 2.11.  Either way, it is a bug / lucky coincidence.

> 
> So I suspect this is a firmware bug, but it should be relatively easy to
> workaround I think? Basically we also add a timeout and retry.

It would be far nicer if the brcmfmac firmware + driver combination worked 
properly :)

Regards,
-Denis

Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

Hi Keith,

> 
> Just to be sure... Are you saying that both wpa_supplicant and iwd fail the same 
> way, but wpa_supplicant ignores the failure and still connects?

Pretty much.  But really more by accident than design.

What happens is:
   1. wpa_s completes the SAE handshake via external auth
   2. It then (without waiting for the connection succeeded event) uploads
      the resulting PMKSA into the kernel
   3. Tells the firmware that the handshake succeeded
   4. The firmware nopes out with error -52.
   5. wpa_s then times out / fails the current connection attempt
   6. Re-tries.  On the retry attempt the firmware picks the PMKSA cache
      entry and uses that, skipping SAE step entirely.

Regards,
-Denis

Re: [RFC PATCH v1 0/2] External Auth support

[Arend Van Spriel]

On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:

> Hi Yuxuan Shui,
>
>>
>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
>> as well. However I managed to get some debug information from brcmfmac when
>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
>> well, which it reports as an authentication timeout. But if I ask it to try
>> again, it will connect successfully, and there is no external auth related log
>> the second time around.
>
> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> though the initial connection using external auth fails.  I've only seen 
> 2.10 do
> this, not 2.11.  Either way, it is a bug / lucky coincidence.
>
>>
>> So I suspect this is a firmware bug, but it should be relatively easy to
>> workaround I think? Basically we also add a timeout and retry.
>
> It would be far nicer if the brcmfmac firmware + driver combination worked
> properly :)

Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi 
kernel? What firmware capabilities are listed in debugfs?

Recently I submitted patches upstream to add external auth support. As I 
ported downstream patch the results you see do not make me optimistic that 
my patch is ready. Maybe you could help testing it?

https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*

Regards,
Arend

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
<arend.vanspriel@broadcom.com> wrote:
>
> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
>
> > Hi Yuxuan Shui,
> >
> >>
> >> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> >> as well. However I managed to get some debug information from brcmfmac when
> >> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> >> well, which it reports as an authentication timeout. But if I ask it to try
> >> again, it will connect successfully, and there is no external auth related log
> >> the second time around.
> >
> > Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> > though the initial connection using external auth fails.  I've only seen
> > 2.10 do
> > this, not 2.11.  Either way, it is a bug / lucky coincidence.
> >
> >>
> >> So I suspect this is a firmware bug, but it should be relatively easy to
> >> workaround I think? Basically we also add a timeout and retry.
> >
> > It would be far nicer if the brcmfmac firmware + driver combination worked
> > properly :)
>
> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
> kernel? What firmware capabilities are listed in debugfs?
>
> Recently I submitted patches upstream to add external auth support. As I
> ported downstream patch the results you see do not make me optimistic that
> my patch is ready. Maybe you could help testing it?
>
> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
>
> Regards,
> Arend
>
>
Arend,

I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:

$ patch -p1 < RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
Hunk #1 FAILED at 6752.
1 out of 1 hunk FAILED -- saving rejects to file
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
Hunk #1 succeeded at 524 (offset 33 lines).
patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
Hunk #1 FAILED at 1359.
1 out of 1 hunk FAILED -- saving rejects to file
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
Hunk #1 succeeded at 74 (offset -1 lines).
Hunk #2 succeeded at 336 (offset -70 lines).
patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
Hunk #1 FAILED at 15.
Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
1 out of 2 hunks FAILED -- saving rejects to file
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej

I did not try the other patches as this attempt failed. Do I need to
use a newer kernel? The latest kernel from RPiOS is 6.6.47.

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[Arend Van Spriel]

On September 22, 2024 5:36:53 PM KeithG <ys3al35l@gmail.com> wrote:

> On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
> <arend.vanspriel@broadcom.com> wrote:
>>
>> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
>>
>>> Hi Yuxuan Shui,
>>>
>>>>
>>>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
>>>> as well. However I managed to get some debug information from brcmfmac when
>>>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
>>>> well, which it reports as an authentication timeout. But if I ask it to try
>>>> again, it will connect successfully, and there is no external auth related log
>>>> the second time around.
>>>
>>> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
>>> though the initial connection using external auth fails.  I've only seen
>>> 2.10 do
>>> this, not 2.11.  Either way, it is a bug / lucky coincidence.
>>>
>>>>
>>>> So I suspect this is a firmware bug, but it should be relatively easy to
>>>> workaround I think? Basically we also add a timeout and retry.
>>>
>>> It would be far nicer if the brcmfmac firmware + driver combination worked
>>> properly :)
>>
>> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
>> kernel? What firmware capabilities are listed in debugfs?
>>
>> Recently I submitted patches upstream to add external auth support. As I
>> ported downstream patch the results you see do not make me optimistic that
>> my patch is ready. Maybe you could help testing it?
>>
>> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
>>
>> Regards,
>> Arend
> Arend,
>
> I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:
>
> $ patch -p1 < 
> RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
> patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> Hunk #1 FAILED at 6752.
> 1 out of 1 hunk FAILED -- saving rejects to file
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
> patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
> Hunk #1 succeeded at 524 (offset 33 lines).
> patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
> Hunk #1 FAILED at 1359.
> 1 out of 1 hunk FAILED -- saving rejects to file
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
> patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
> Hunk #1 succeeded at 74 (offset -1 lines).
> Hunk #2 succeeded at 336 (offset -70 lines).
> patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
> Hunk #1 FAILED at 15.
> Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
> 1 out of 2 hunks FAILED -- saving rejects to file
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej
>
> I did not try the other patches as this attempt failed. Do I need to
> use a newer kernel? The latest kernel from RPiOS is 6.6.47.

I did major rework to support multiple vendors with differing firmware 
APIs. So I can imagine you would need other patches that were submitted 
earlier. Easiest would be to use the backports project which allows running 
latest driver like wireless-next on older kernels.

I can try. Do you have a URL of the RPiOS kernel repo?

Regards,
Arend
> Keith

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Sun, Sep 22, 2024 at 11:20 AM Arend Van Spriel
<arend.vanspriel@broadcom.com> wrote:
>
> On September 22, 2024 5:36:53 PM KeithG <ys3al35l@gmail.com> wrote:
>
> > On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
> > <arend.vanspriel@broadcom.com> wrote:
> >>
> >> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
> >>
> >>> Hi Yuxuan Shui,
> >>>
> >>>>
> >>>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> >>>> as well. However I managed to get some debug information from brcmfmac when
> >>>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> >>>> well, which it reports as an authentication timeout. But if I ask it to try
> >>>> again, it will connect successfully, and there is no external auth related log
> >>>> the second time around.
> >>>
> >>> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> >>> though the initial connection using external auth fails.  I've only seen
> >>> 2.10 do
> >>> this, not 2.11.  Either way, it is a bug / lucky coincidence.
> >>>
> >>>>
> >>>> So I suspect this is a firmware bug, but it should be relatively easy to
> >>>> workaround I think? Basically we also add a timeout and retry.
> >>>
> >>> It would be far nicer if the brcmfmac firmware + driver combination worked
> >>> properly :)
> >>
> >> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
> >> kernel? What firmware capabilities are listed in debugfs?
> >>
> >> Recently I submitted patches upstream to add external auth support. As I
> >> ported downstream patch the results you see do not make me optimistic that
> >> my patch is ready. Maybe you could help testing it?
> >>
> >> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
> >>
> >> Regards,
> >> Arend
> > Arend,
> >
> > I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:
> >
> > $ patch -p1 <
> > RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
> > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> > Hunk #1 FAILED at 6752.
> > 1 out of 1 hunk FAILED -- saving rejects to file
> > drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
> > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
> > Hunk #1 succeeded at 524 (offset 33 lines).
> > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
> > Hunk #1 FAILED at 1359.
> > 1 out of 1 hunk FAILED -- saving rejects to file
> > drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
> > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
> > Hunk #1 succeeded at 74 (offset -1 lines).
> > Hunk #2 succeeded at 336 (offset -70 lines).
> > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
> > Hunk #1 FAILED at 15.
> > Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
> > 1 out of 2 hunks FAILED -- saving rejects to file
> > drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej
> >
> > I did not try the other patches as this attempt failed. Do I need to
> > use a newer kernel? The latest kernel from RPiOS is 6.6.47.
>
> I did major rework to support multiple vendors with differing firmware
> APIs. So I can imagine you would need other patches that were submitted
> earlier. Easiest would be to use the backports project which allows running
> latest driver like wireless-next on older kernels.
>
> I can try. Do you have a URL of the RPiOS kernel repo?
>
> Regards,
> Arend
> > Keith
>
>

Arend,
It is either here as a git clone:
git clone --depth=1 https://github.com/raspberrypi/linux

or here as a gzip:
https://github.com/raspberrypi/linux/archive/refs/tags/stable_20240529.tar.gz

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

Arend,

Is there anything I can help with on this effort to get External Auth
working on a kernel that more of us are using? RPiOS is currently at
6.6.51.

Keith

On Sun, Sep 22, 2024 at 11:29 AM KeithG <ys3al35l@gmail.com> wrote:
>
> On Sun, Sep 22, 2024 at 11:20 AM Arend Van Spriel
> <arend.vanspriel@broadcom.com> wrote:
> >
> > On September 22, 2024 5:36:53 PM KeithG <ys3al35l@gmail.com> wrote:
> >
> > > On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
> > > <arend.vanspriel@broadcom.com> wrote:
> > >>
> > >> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
> > >>
> > >>> Hi Yuxuan Shui,
> > >>>
> > >>>>
> > >>>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> > >>>> as well. However I managed to get some debug information from brcmfmac when
> > >>>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> > >>>> well, which it reports as an authentication timeout. But if I ask it to try
> > >>>> again, it will connect successfully, and there is no external auth related log
> > >>>> the second time around.
> > >>>
> > >>> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> > >>> though the initial connection using external auth fails.  I've only seen
> > >>> 2.10 do
> > >>> this, not 2.11.  Either way, it is a bug / lucky coincidence.
> > >>>
> > >>>>
> > >>>> So I suspect this is a firmware bug, but it should be relatively easy to
> > >>>> workaround I think? Basically we also add a timeout and retry.
> > >>>
> > >>> It would be far nicer if the brcmfmac firmware + driver combination worked
> > >>> properly :)
> > >>
> > >> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
> > >> kernel? What firmware capabilities are listed in debugfs?
> > >>
> > >> Recently I submitted patches upstream to add external auth support. As I
> > >> ported downstream patch the results you see do not make me optimistic that
> > >> my patch is ready. Maybe you could help testing it?
> > >>
> > >> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
> > >>
> > >> Regards,
> > >> Arend
> > > Arend,
> > >
> > > I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:
> > >
> > > $ patch -p1 <
> > > RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
> > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> > > Hunk #1 FAILED at 6752.
> > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
> > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
> > > Hunk #1 succeeded at 524 (offset 33 lines).
> > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
> > > Hunk #1 FAILED at 1359.
> > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
> > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
> > > Hunk #1 succeeded at 74 (offset -1 lines).
> > > Hunk #2 succeeded at 336 (offset -70 lines).
> > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
> > > Hunk #1 FAILED at 15.
> > > Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
> > > 1 out of 2 hunks FAILED -- saving rejects to file
> > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej
> > >
> > > I did not try the other patches as this attempt failed. Do I need to
> > > use a newer kernel? The latest kernel from RPiOS is 6.6.47.
> >
> > I did major rework to support multiple vendors with differing firmware
> > APIs. So I can imagine you would need other patches that were submitted
> > earlier. Easiest would be to use the backports project which allows running
> > latest driver like wireless-next on older kernels.
> >
> > I can try. Do you have a URL of the RPiOS kernel repo?
> >
> > Regards,
> > Arend
> > > Keith
> >
> >
>
> Arend,
> It is either here as a git clone:
> git clone --depth=1 https://github.com/raspberrypi/linux
>
> or here as a gzip:
> https://github.com/raspberrypi/linux/archive/refs/tags/stable_20240529.tar.gz
>
> Keith

Re: [RFC PATCH v1 0/2] External Auth support

[Jeremy Blum]

Infineon has just released updated firmware for the 43455 chipset, and
and updated brcmfmac driver. May be relevant to this conversation
about getting IWD supporting WPA3 with the brcmfmac SAE offload
implementation.
https://community.infineon.com/t5/AIROC-Wi-Fi-and-Wi-Fi-Bluetooth/Cypress-Linux-WiFi-Driver-Release-FMAC-2024-11-21/td-p/902888


On Thu, Oct 10, 2024 at 8:38 AM KeithG <ys3al35l@gmail.com> wrote:
>
> Arend,
>
> Is there anything I can help with on this effort to get External Auth
> working on a kernel that more of us are using? RPiOS is currently at
> 6.6.51.
>
> Keith
>
> On Sun, Sep 22, 2024 at 11:29 AM KeithG <ys3al35l@gmail.com> wrote:
> >
> > On Sun, Sep 22, 2024 at 11:20 AM Arend Van Spriel
> > <arend.vanspriel@broadcom.com> wrote:
> > >
> > > On September 22, 2024 5:36:53 PM KeithG <ys3al35l@gmail.com> wrote:
> > >
> > > > On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
> > > > <arend.vanspriel@broadcom.com> wrote:
> > > >>
> > > >> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
> > > >>
> > > >>> Hi Yuxuan Shui,
> > > >>>
> > > >>>>
> > > >>>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> > > >>>> as well. However I managed to get some debug information from brcmfmac when
> > > >>>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> > > >>>> well, which it reports as an authentication timeout. But if I ask it to try
> > > >>>> again, it will connect successfully, and there is no external auth related log
> > > >>>> the second time around.
> > > >>>
> > > >>> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> > > >>> though the initial connection using external auth fails.  I've only seen
> > > >>> 2.10 do
> > > >>> this, not 2.11.  Either way, it is a bug / lucky coincidence.
> > > >>>
> > > >>>>
> > > >>>> So I suspect this is a firmware bug, but it should be relatively easy to
> > > >>>> workaround I think? Basically we also add a timeout and retry.
> > > >>>
> > > >>> It would be far nicer if the brcmfmac firmware + driver combination worked
> > > >>> properly :)
> > > >>
> > > >> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
> > > >> kernel? What firmware capabilities are listed in debugfs?
> > > >>
> > > >> Recently I submitted patches upstream to add external auth support. As I
> > > >> ported downstream patch the results you see do not make me optimistic that
> > > >> my patch is ready. Maybe you could help testing it?
> > > >>
> > > >> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
> > > >>
> > > >> Regards,
> > > >> Arend
> > > > Arend,
> > > >
> > > > I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:
> > > >
> > > > $ patch -p1 <
> > > > RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
> > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> > > > Hunk #1 FAILED at 6752.
> > > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
> > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
> > > > Hunk #1 succeeded at 524 (offset 33 lines).
> > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
> > > > Hunk #1 FAILED at 1359.
> > > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
> > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
> > > > Hunk #1 succeeded at 74 (offset -1 lines).
> > > > Hunk #2 succeeded at 336 (offset -70 lines).
> > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
> > > > Hunk #1 FAILED at 15.
> > > > Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
> > > > 1 out of 2 hunks FAILED -- saving rejects to file
> > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej
> > > >
> > > > I did not try the other patches as this attempt failed. Do I need to
> > > > use a newer kernel? The latest kernel from RPiOS is 6.6.47.
> > >
> > > I did major rework to support multiple vendors with differing firmware
> > > APIs. So I can imagine you would need other patches that were submitted
> > > earlier. Easiest would be to use the backports project which allows running
> > > latest driver like wireless-next on older kernels.
> > >
> > > I can try. Do you have a URL of the RPiOS kernel repo?
> > >
> > > Regards,
> > > Arend
> > > > Keith
> > >
> > >
> >
> > Arend,
> > It is either here as a git clone:
> > git clone --depth=1 https://github.com/raspberrypi/linux
> >
> > or here as a gzip:
> > https://github.com/raspberrypi/linux/archive/refs/tags/stable_20240529.tar.gz
> >
> > Keith
>


-- 
Jeremy Blum   |   jeremy@shapertools.com   |   +1 (914) 522-0416

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

On Wed, Dec 11, 2024 at 5:00 PM Jeremy Blum <jeremy@shapertools.com> wrote:
>
> Infineon has just released updated firmware for the 43455 chipset, and
> and updated brcmfmac driver. May be relevant to this conversation
> about getting IWD supporting WPA3 with the brcmfmac SAE offload
> implementation.
> https://community.infineon.com/t5/AIROC-Wi-Fi-and-Wi-Fi-Bluetooth/Cypress-Linux-WiFi-Driver-Release-FMAC-2024-11-21/td-p/902888
>
>
> On Thu, Oct 10, 2024 at 8:38 AM KeithG <ys3al35l@gmail.com> wrote:
> >
> > Arend,
> >
> > Is there anything I can help with on this effort to get External Auth
> > working on a kernel that more of us are using? RPiOS is currently at
> > 6.6.51.
> >
> > Keith
> >
> > On Sun, Sep 22, 2024 at 11:29 AM KeithG <ys3al35l@gmail.com> wrote:
> > >
> > > On Sun, Sep 22, 2024 at 11:20 AM Arend Van Spriel
> > > <arend.vanspriel@broadcom.com> wrote:
> > > >
> > > > On September 22, 2024 5:36:53 PM KeithG <ys3al35l@gmail.com> wrote:
> > > >
> > > > > On Sun, Sep 22, 2024 at 1:09 AM Arend Van Spriel
> > > > > <arend.vanspriel@broadcom.com> wrote:
> > > > >>
> > > > >> On September 22, 2024 5:35:03 AM Denis Kenzior <denkenz@gmail.com> wrote:
> > > > >>
> > > > >>> Hi Yuxuan Shui,
> > > > >>>
> > > > >>>>
> > > > >>>> I tested this on an RPi5 too, and indeed I am having the same problem as KeithG
> > > > >>>> as well. However I managed to get some debug information from brcmfmac when
> > > > >>>> running wpa_supplicant. Interestingly wpa_supplicant gets the same -52 error as
> > > > >>>> well, which it reports as an authentication timeout. But if I ask it to try
> > > > >>>> again, it will connect successfully, and there is no external auth related log
> > > > >>>> the second time around.
> > > > >>>
> > > > >>> Yep.  It looks like wpa_s puts the resulting PMKSA into the kernel cache even
> > > > >>> though the initial connection using external auth fails.  I've only seen
> > > > >>> 2.10 do
> > > > >>> this, not 2.11.  Either way, it is a bug / lucky coincidence.
> > > > >>>
> > > > >>>>
> > > > >>>> So I suspect this is a firmware bug, but it should be relatively easy to
> > > > >>>> workaround I think? Basically we also add a timeout and retry.
> > > > >>>
> > > > >>> It would be far nicer if the brcmfmac firmware + driver combination worked
> > > > >>> properly :)
> > > > >>
> > > > >> Indeed it would. So what's in the mix? What kernel is used? Upstream or RPi
> > > > >> kernel? What firmware capabilities are listed in debugfs?
> > > > >>
> > > > >> Recently I submitted patches upstream to add external auth support. As I
> > > > >> ported downstream patch the results you see do not make me optimistic that
> > > > >> my patch is ready. Maybe you could help testing it?
> > > > >>
> > > > >> https://patchwork.kernel.org/project/linux-wireless/list/?series=891248&state=*
> > > > >>
> > > > >> Regards,
> > > > >> Arend
> > > > > Arend,
> > > > >
> > > > > I tried to apply the patch set to kernel 6.6.44-v8 and was unable to patch it:
> > > > >
> > > > > $ patch -p1 <
> > > > > RFT-v2-1-3-wifi-brcmfmac-support-per-vendor-cfg80211-callbacks-and-firmware-events.patch
> > > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> > > > > Hunk #1 FAILED at 6752.
> > > > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.rej
> > > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
> > > > > Hunk #1 succeeded at 524 (offset 33 lines).
> > > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
> > > > > Hunk #1 FAILED at 1359.
> > > > > 1 out of 1 hunk FAILED -- saving rejects to file
> > > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c.rej
> > > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c
> > > > > Hunk #1 succeeded at 74 (offset -1 lines).
> > > > > Hunk #2 succeeded at 336 (offset -70 lines).
> > > > > patching file drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
> > > > > Hunk #1 FAILED at 15.
> > > > > Hunk #2 succeeded at 47 with fuzz 1 (offset -9 lines).
> > > > > 1 out of 2 hunks FAILED -- saving rejects to file
> > > > > drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h.rej
> > > > >
> > > > > I did not try the other patches as this attempt failed. Do I need to
> > > > > use a newer kernel? The latest kernel from RPiOS is 6.6.47.
> > > >
> > > > I did major rework to support multiple vendors with differing firmware
> > > > APIs. So I can imagine you would need other patches that were submitted
> > > > earlier. Easiest would be to use the backports project which allows running
> > > > latest driver like wireless-next on older kernels.
> > > >
> > > > I can try. Do you have a URL of the RPiOS kernel repo?
> > > >
> > > > Regards,
> > > > Arend
> > > > > Keith
> > > >
> > > >
> > >
> > > Arend,
> > > It is either here as a git clone:
> > > git clone --depth=1 https://github.com/raspberrypi/linux
> > >
> > > or here as a gzip:
> > > https://github.com/raspberrypi/linux/archive/refs/tags/stable_20240529.tar.gz
> > >
> > > Keith
Jeremy,

I tried this new firmware with the existing driver in the 6.6.xx
kernel on the Rpi3b+ over the weekend. It almost works. I posted a log
and such to the brcm80211, linux-wireless lists. I think those are the
best fit, but just let me know if I should send it elsewhere. I can
patch and test the brcm80211 driver as I have a kernel build ready to
add it to.

The error seems to be something with BCME, though I have no idea what that is:

brcmfmac: brcmf_fil_cmd_data Firmware error: BCME_BADADDR (-21)
brcmfmac: brcmf_fil_iovar_data_get ifidx=0, name=sta_info, len=296, err=-52
ieee80211 phy0: brcmf_cfg80211_get_station: GET STA INFO failed, -52
brcmf_fil_cmd_data Firmware error: BCME_UNSUPPORTED (-23)
brcmf_fil_iovar_data_get ifidx=0, name=tdls_sta_info, len=296, err=-52
brcmfmac: brcmf_fil_cmd_data Firmware error: BCME_BADADDR (-21)
brcmfmac: brcmf_fil_iovar_data_get ifidx=0, name=sta_info, len=296, err=-52
ieee80211 phy0: brcmf_cfg80211_get_station: GET STA INFO failed, -52

Keith

Re: [RFC PATCH v1 0/2] External Auth support

[KeithG]

It appears that this patch series no longer applies to the current
git. Is it implemented in iwd or does it need to be refactored to
apply to the current repo?

Keith

On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> This series implements External Auth support on Full MAC cards that do
> not support SAE offload.  I have not been able to test this fully since
> the brcmfmac firmware on the RPi 5 does not actually work properly.
> Maybe some enterprising person can test it on a firmware that does work?
>
> Denis Kenzior (2):
>   netdev: external auth support
>   sae: Allow ability to force Group 19 / Hunt and Peck
>
>  src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
>  src/nl80211util.c |   4 +-
>  src/sae.c         |  20 ++++
>  src/sae.h         |   3 +
>  src/wiphy.c       |  19 ++--
>  5 files changed, 263 insertions(+), 41 deletions(-)
>
> --
> 2.45.2
>
>

Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior]

Hi Keith,

On 9/22/24 1:56 PM, KeithG wrote:
> It appears that this patch series no longer applies to the current
> git. Is it implemented in iwd or does it need to be refactored to
> apply to the current repo?
> 

I just rebased and resent this series on top of git HEAD.

Regards,
-Denis