| View previous topic :: View next topic |
| Author |
Message |
symmetric
n00b
Joined: 12 Jul 2023
Posts: 12
|
 Posted: Thu May 16, 2024 4:48 am Post subject: Connecting to WPA3 with mt7921e wpa_supplicant [solved] |
 |
|
UPDATE: SOLVED! Changing driver from wext to nl80211 was the fix.
Hi all,
I just built a new system that has a Mediatek "MT7922 802.11ax PCI Express Wireless Network Adapter". As best I can tell, the card is supposed to support WPA3 and the 6 Ghz WiFi 6E bands.
Unfortunately I can't get the card to connect to my 6 Ghz WPA3 WiFi network. As best I can tell the problem is with WPA3 and not the band.
| My kernel: | $ uname -a
Linux omicron 6.9.0 #2 SMP PREEMPT_DYNAMIC Wed May 15 07:25:35 UTC 2024 x86_64 AMD Ryzen 9 7900 12-Core Processor AuthenticAMD GNU/Linux |
| dmesg showing the module / firmware: | [ 17.176093] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 17.447294] mt7921e 0000:0d:00.0: enabling device (0000 -> 0002)
[ 17.451985] mt7921e 0000:0d:00.0: ASIC revision: 79220010
[ 17.530022] mt7921e 0000:0d:00.0: HW/SW Version: 0x8a108a10, Build Time: 20240219103244a
[ 17.544135] mt7921e 0000:0d:00.0: WM Firmware Version: ____000000, Build Time: 20240219103337
[ 18.654277] mt7921e 0000:0d:00.0 wlp13s0: renamed from wlan0
|
| wpa_supplicant 2.10-r4: | [ebuild R ] net-wireless/wpa_supplicant-2.10-r4::gentoo USE="dbus fils mbo mesh qt5 readline smartcard -ap -broadcom-sta -eap-sim -eapol-test -fasteap -hs2-0 -macsec -p2p -privsep (-ps3) (-selinux) -tdls -tkip -uncommon-eap-types -wep (-wimax) -wps" 0 KiB
|
| wpa_supplicant.conf: | country=us
pmf=1
sae_pwe=2
network={
ssid="WIFI6"
scan_ssid=1
key_mgmt=SAE
ieee80211w=2
proto=RSN
wps_disabled=1
psk="[...]"
} |
Now to the failure. The "key_mgmt=SAE" parameter translates to "0x400" in the "network profile key_mgmt" when wpa_supplicant prints debugging info. This matches what my AP announces that it supports. However then wpa_supplicant reports "available key_mgmt 0x0":
| Code: | wlp13s0: WPA: AP key_mgmt 0x400 network profile key_mgmt 0x400; available key_mgmt 0x0
wlp13s0: WPA: Failed to select authenticated key management type
wlp13s0: WPA: Failed to set WPA key management and encryption suites |
If I am reading this correctly, my AP says it supports key_mgmt=SAE (which is WPA3) and my network={...} configuration matches that, but then for some reason wpa_supplicant concludes that SAE isn't actually available. My full wpa_supplicant debug output can be seen at http://www.brandonenright.net/~bmenrigh/mt_wifi/wpa_supp.txt
| iw list does report SAE available: | | Device supports SAE with AUTHENTICATE command |
My full iw list output can be seen at http://www.brandonenright.net/~bmenrigh/mt_wifi/iw_list.txt
I don't know where to go from here. I could not find definitive confirmation that mt7921e actually supports WPA3 or the firmware I'm running (sys-kernel/linux-firmware-20240410::gentoo) does. I don't know how to check the card for these capabilities beyond just iw list which seems to suggest SAE is supported.
Guidance is most welcome!
Last edited by symmetric on Fri May 17, 2024 11:37 pm; edited 2 times in total |
|
| Back to top |
|
 |
symmetric
n00b
Joined: 12 Jul 2023
Posts: 12
|
| Posted: Thu May 16, 2024 9:33 pm Post subject: |
|
|
Minor update:
I noticed https://lore.kernel.org/lkml/dffb4183e2056241628b1ec58fbe9135cb1a4d89.1712835620.git.deren.wu@mediatek.com/t/
| Deren Wu wrote: |
* [PATCH] linux-firmware: update firmware for MT7922 WiFi device
@ 2024-04-11 12:08 Deren Wu
2024-04-17 12:00 ` Josh Boyer
[...]
Update binary firmware for MT7922 WiFi devices
File: mediatek/WIFI_MT7922_patch_mcu_1_1_hdr.bin
Version: 20240409163301a
File: mediatek/WIFI_RAM_CODE_MT7922_1.bin
Version: 20240409163347 |
| So I installed the latest firmware and confirmed it loads: | [136176.168816] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[136176.168931] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[136176.169013] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[136181.913746] mt7921e 0000:0d:00.0: ASIC revision: 79220010
[136181.991232] mt7921e 0000:0d:00.0: HW/SW Version: 0x8a108a10, Build Time: 20240409163301a
[136182.005195] mt7921e 0000:0d:00.0: WM Firmware Version: ____000000, Build Time: 20240409163347
[136183.105921] mt7921e 0000:0d:00.0 wlp13s0: renamed from wlan0 |
| Unfortunately SAE still doesn't seem to be available for wpa_supplicant: | wlp13s0: WPA: AP group 0x10 network profile group 0x10; available group 0x10
wlp13s0: WPA: using GTK CCMP
wlp13s0: WPA: AP pairwise 0x10 network profile pairwise 0x10; available pairwise 0x10
wlp13s0: WPA: using PTK CCMP
wlp13s0: WPA: AP key_mgmt 0x400 network profile key_mgmt 0x400; available key_mgmt 0x0 |
I don't know how to probe the capabilities of the card to see if SAE is actually missing. I've looked through the wpa_supplicant code but not for long enough to fully understand how it figures out what the card can handle. |
|
| Back to top |
|
|
symmetric
n00b
Joined: 12 Jul 2023
Posts: 12
|
| Posted: Fri May 17, 2024 11:34 pm Post subject: |
|
|
After a very long and painful journey I figured it out.
The "wext" driver used by wpa_supplicant doesn't properly detect the card's features. Changing the driver to "nl80211" fixes the problem.
| Code: | | wpa_supplicant_wlp13s0="-Dnl80211" |
I figured this out by modifying wpa_supplicant to print much more debug code at each step (namely the wpa_s->drv_flags value as it is passed through the code). The 'drv_flags' struct member holds all the various capability flags/features and with the wext driver it was always 0. I traced this back into the wext driver itself. Changing to the nl80211 driver allowed the feature flags to be populated correctly.
Until this point, I wasn't even aware there was a newer driver than wext, which goes to show old knowledge can really bite you. |
|
| Back to top |
|
|
|
Networking & Security
