Description of the problem: Currently, wpa_supplicant can't support WPA3 with Wi-Fi modules that use the brcmfmac driver. This is because the driver only supports offload mode, which wpa_supplicant currently does not support. Reproducible: Always Steps to Reproduce: 1. Attempt to connect to a Wi-Fi network that requires WPA3 auth Actual Results: Fail to connect Expected Results: Authenticate and connect properly Additional info: There is a patch set that resolves the problem: http://lists.infradead.org/pipermail/hostap/2023-July/041653.html It would be ideal if this patch set was backported to Fedora 38 as well for the Fedora Asahi Remix to benefit from it.
Note that this is a blocker for shipping Fedora Asahi Remix (we'd like to do that by the end of the month). We need to offer WPA3 support; the other option is to switch from wpa_supplicant to iwd (which does support this), but iwd comes with its own set of bugs and issues.
(In reply to Hector Martin from comment #1) > Note that this is a blocker for shipping Fedora Asahi Remix (we'd like to do > that by the end of the month). We need to offer WPA3 support; the other > option is to switch from wpa_supplicant to iwd (which does support this), > but iwd comes with its own set of bugs and issues. hello, these 2 patches are not yet applied to the upstream project. Can we wait until they are reviewed and applied? thanks, -- davide
(In reply to Davide Caratti from comment #2) > (In reply to Hector Martin from comment #1) > > Note that this is a blocker for shipping Fedora Asahi Remix (we'd like to do > > that by the end of the month). We need to offer WPA3 support; the other > > option is to switch from wpa_supplicant to iwd (which does support this), > > but iwd comes with its own set of bugs and issues. > > hello, these 2 patches are not yet applied to the upstream project. Can we > wait until they are reviewed and applied? > thanks, > -- > davide I'm not sure we can. Having WPA3 not working is a pretty significant impairment for networking Macs. Are any of the maintainers of wpa_supplicant able to review the patches upstream to help get them applied?
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.
@marcan Jouni usually gets around to it, but it's often in batches. Not surprised that it's been a month since Daisuke posted; Jouni did review some things last week at least. Not that I'm a maintainer, but I had one question on the patch, otherwise looks fairly sane to me.
Put up a naive backport of this at https://src.fedoraproject.org/rpms/wpa_supplicant/pull-request/20 to ease testing.
Could we please get this PR landed in Fedora? Our list of blockers for the GA release of Fedora Asahi Remix is quickly getting whittled down and I would *really* like to have this resolved.
(In reply to Neal Gompa from comment #7) > Could we please get this PR landed in Fedora? Our list of blockers for the > GA release of Fedora Asahi Remix is quickly getting whittled down and I > would *really* like to have this resolved. hello Neal, and Davide, the problem with merging that patch is that it potentially creates problems on configurations where SAE offload is used with password ID (see https://lists.infradead.org/pipermail/hostap/2023-August/041717.html). Maybe we should be cautious of not breaking the functionality for other NICs / preserve a consistent behavior. It's not a big deal, since NL80211_EXT_FEATURE_SAE_OFFLOAD is only enabled on Broadcom chipsets according to [1] at the moment. [1] https://elixir.bootlin.com/linux/v6.6-rc1/C/ident/NL80211_EXT_FEATURE_SAE_OFFLOAD
Yeah, that seems like a really minor corner case. As far as I can tell the NL80211 offload API doesn't support that feature, and probably neither does our firmware, so we can't support it anyway. It probably makes sense to have that discussion upstream and handle it more cleanly, but I doubt another driver is going to grow the offload feature in the window while that is sorted out, and meanwhile we have no WPA3 at all and user complaints flowing in (the latest "WPA3 doesn't work" bug report we got was just yesterday), so I'd really much rather pick up the patches as-is for now and bikeshed the details later...
FEDORA-2023-ab6ea95762 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-ab6ea95762
FEDORA-2023-ab6ea95762 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-ab6ea95762` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-ab6ea95762 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-ab6ea95762 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-d031eaff09 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d031eaff09
FEDORA-2023-d031eaff09 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.