The driver is claiming support for 802.11R / BSS FT as see in # busctl -j get-property fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/1 fi.w1.wpa_supplicant1.Interface Capabilities | cat KeyMgmt contains wpa-ft-eap and wpa-ft-psk. When wpa_supplicant is built with CONFIG_IEEE80211R defined, it will try to use it and fail to connect to access points using 802.11R. I have tried to uprade the (very old) firmware but although it's loading properly, it can't connect to any network. Please see the downstream bug report for many more details: https://bugs.archlinux.org/task/63397 At least 3 users of the BCM4350 adapter have reported the issue there, this is likely to grow as more distribution ship with 802.11R-enabled wpa_supplicant. Please let me know if I can provide any more useful information.
I believe this is a bug in wpa_supplicant, not the kernel driver. brcmfmac does not support FT. http://lists.infradead.org/pipermail/hostap/2020-February/041220.html
This indeed fixes the problem. Regarding the very out of date firmware, do you consider it a "bug" that the driver is unable to work correclty with newer firmware, or is it expected and if yes, would there be a chance that something is done about it? I unfortunately don't have access to the changelog, but I'm worried that the firmware pre-dates https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html And it was affecting very similar chips...
(In reply to François Guerraz from comment #2) > This indeed fixes the problem. Then this bug should probably be closed. I don't have the ability to do so, but maybe you (as reporter) do? > Regarding the very out of date firmware, I really don't know what firmware you're talking about. Do you mean, brcmfmac4350* firmware from the linux-firmware repository? Yes, it appears not to have been updated in forever. But other variants (4354, for instance) have updates, with CVE notices. Anyway, this is off topic. You could probably ask on linux-wireless@ if you're interested about particular firmware. I believe there are still some Broadcom folks who actually listen there.
Ok, will do! Thanks.
Hi, I'm facing the same issue with a Dell XPS 13 9350, BCM4350 and brcmfmac driver on Arch and Ubuntu, and key_mgmt WPA-PSK WPA-PSK-SHA256 FT-PSK. (In reply to Brian Norris from comment #1) > http://lists.infradead.org/pipermail/hostap/2020-February/041220.html (In reply to François Guerraz from comment #2) > This indeed fixes the problem. That link is dead, what was the proposed solution please?
Not sure why the mailing list archive link died :( Anyway, it's committed here: https://w1.fi/cgit/hostap/commit/?id=23dc196fde951b3d508f367a603cddffbd053490 commit 23dc196fde951b3d508f367a603cddffbd053490 Author: Matthew Wang <matthewmwang@chromium.org> Date: Mon Feb 3 17:12:05 2020 -0800 Check for FT support when selecting FT suites
Hi, I'm using Raspberry PI 3b (driver=brcmfmac driverversion=7.45.154) with wpa_supplicant v2.4 and seeing below error in supplicant. This is seen only with key_mgmt = FT-PSK/FT-EAP. Supplicant is able to connect when key_mgmt = WPA-PSK/WPA-EAP. Can you please explain if the this issue is fixed in latest WPA_Supplicant version (version number please)? 1614190880.526576: nl80211: MLME connect failed: ret=-22 (Invalid argument) 1614190880.526636:* wlan0: Association request to the driver failed* 1614190880.526896: CTRL_IFACE monitor sent successfully to /tmp/wpa_ctrl_31742-2\x00 1614190880.526969: wlan0: Radio work 'connect'@0x55c930 done in 0.011988 seconds 1614190880.527007: Added BSSID <bssid> into blacklist 1614190880.527046: wlan0: Blacklist count 1 --> request scan in 100 ms 1614190880.527083: wlan0: Setting scan request: 0.100000 sec 1614190880.527273: wlan0: State: ASSOCIATING -> DISCONNECTED
There is no official wpa_supplicant release that includes this yet. But wpa_supplicant doesn't really do regular releases, so it's probably up to your distribution to update to whatever version seems right. 2.4 is ancient (2015), by the way, so there's no chance you have any modern fixes. This is not a support forum (and definitely not a wpa_supplicant support forum), so I'm not sure there's any more to do here.