Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password

From: Julian Calaby <julian.calaby@gmail.com>
To: Arend van Spriel <arend.vanspriel@broadcom.com>,
	Kalle Valo <kvalo@kernel.org>
Cc: Hector Martin <marcan@marcan.st>,
	Arend van Spriel <aspriel@gmail.com>,
	 Franky Lin <franky.lin@broadcom.com>,
	Hante Meuleman <hante.meuleman@broadcom.com>,
	 Daniel Berlin <dberlin@dberlin.org>,
	linux-wireless@vger.kernel.org,
	 brcm80211-dev-list.pdl@broadcom.com,
	SHA-cyfmac-dev-list@infineon.com,  linux-kernel@vger.kernel.org,
	asahi@lists.linux.dev
Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password
Date: Wed, 20 Dec 2023 01:26:30 +1100	[thread overview]
Message-ID: <CAGRGNgW0h_uqHn0rKwGx0L41R+YgzgWPEh83kSKVCeqfCDeOug@mail.gmail.com> (raw)
In-Reply-To: <c392f901-789a-42e2-8cf7-5e246365a1ca@broadcom.com>

Hi Arend and Kalle,

On Wed, Dec 20, 2023 at 12:47 AM Arend van Spriel
<arend.vanspriel@broadcom.com> wrote:
>
> On 12/19/2023 12:01 PM, Hector Martin wrote:
> >
> >
> > On 2023/12/19 17:52, Arend Van Spriel wrote:
> >> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
> >>
> >>> Hector Martin <marcan@marcan.st> wrote:
> >>>
> >>>> Using the WSEC command instead of sae_password seems to be the supported
> >>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
> >>>>
> >>>> According to user reports [1], the sae_password codepath doesn't actually
> >>>> work on machines with Cypress chips anyway, so no harm in removing it.
> >>>>
> >>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
> >>>> patchset [2].
> >>>>
> >>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
> >>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
> >>>>
> >>>> Signed-off-by: Hector Martin <marcan@marcan.st>
> >>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
> >>>
> >>> Arend, what do you think?
> >>>
> >>> We recently talked about people testing brcmfmac patches, has anyone else
> >>> tested this?
> >>
> >> Not sure I already replied so maybe I am repeating myself. I would prefer
> >> to keep the Cypress sae_password path as well although it reportedly does
> >> not work. The vendor support in the driver can be used to accommodate for
> >> that. The other option would be to have people with Cypress chipset test
> >> this patch. If that works for both we can consider dropping the
> >> sae_password path.
> >>
> >> Regards,
> >> Arend
> >
> > So, if nobody from Cypress chimes in ever, and nobody cares nor tests
> > Cypress chipsets, are we keeping any and all existing Cypress code-paths
> > as bitrotting code forever and adding gratuitous conditionals every time
> > any functionality needs to change "just in case it breaks Cypress" even
> > though it has been tested compatible on Broadcom chipsets/firmware?
> >
> > Because that's not sustainable long term.
>
> You should look into WEXT just for the fun of it. If it were up to me
> and a bunch of other people that would have been gone decades ago. Maybe
> a bad example if the sae_password is indeed not working, but the Cypress
> chipset is used in RPi3 and RPi4 so there must be a couple of users.

There are reports that WPA3 is broken on the Cypress chipsets the
Raspberry Pis are using and this patch fixes it:
https://rachelbythebay.com/w/2023/11/06/wpa3/

Based on that, it appears that all known users of WPA3 capable
hardware with this driver require this fix.

Thanks,

-- 
Julian Calaby

Email: julian.calaby@gmail.com
Profile: http://www.google.com/profiles/julian.calaby/