VIM3 WiFi does not support WPA3

christian5271 · March 15, 2022, 9:36am

Overview: I was having trouble connecting our new VIM3 to our WPA2/WPA3 encrypted WiFi network. But after setting our WiFi to WPA2 only the device successfully connected. Once connected, I could switch the WiFi back to WPA2/WPA3 again, then restart the WiFi on the VIM3 and it successfully connected again.

Question: Does the VIM3 not support WPA3? We are evaluating the VIM3 for a digital signage application and some our customers sure want to use WPA3, so it’s critical for us to support it.

Details:

I’m using the image https://dl.khadas.com/Firmware/Krescue/images/VIM3_Ubuntu-server-focal_Linux-5.16-rc2_arm64_SD-USB_V1.0.10-220108.img.xz . I also tried older images with Kernel 4.9 , but it made no difference.

For completeness, I also did

apt update
apt full-upgrade
do-fenix-full-upgrade

I was following the instructions for server images on this page: Wi-Fi | Khadas Documentation . I also supplied the passphrase instead of a key, but it made no difference. Again, only after downgrading my WiFi to WPA2, I succeeded to connect to the WiFi.

I figured the root cause from the logs using journalctl -xu NetworkManager. Before downgrading to WPA2, the logs reported:

Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9477] Config: added 'ssid' value 'test'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9477] Config: added 'scan_ssid' value '1'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9478] Config: added 'bgscan' value 'simple:30:-70:86400'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9478] Config: added 'key_mgmt' value 'SAE FT-SAE'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9479] Config: added 'auth_alg' value 'OPEN'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9479] Config: added 'psk' value '<hidden>'
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9998] device (wlan0): supplicant interface state: disconnected -> scanning
Mar 15 08:38:34 Khadas NetworkManager[1167]: <info>  [1647333514.9999] device (p2p-dev-wlan0): supplicant management interface state: disconnected -> scanning
Mar 15 08:39:00 Khadas NetworkManager[1167]: <warn>  [1647333540.0290] device (wlan0): Activation: (wifi) association took too long, failing activation
Mar 15 08:39:00 Khadas NetworkManager[1167]: <info>  [1647333540.0290] device (wlan0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Mar 15 08:39:00 Khadas NetworkManager[1167]: <warn>  [1647333540.0308] device (wlan0): Activation: failed for connection 'test'
Mar 15 08:39:00 Khadas NetworkManager[1167]: <info>  [1647333540.0313] device (wlan0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Mar 15 08:39:00 Khadas NetworkManager[1167]: <info>  [1647333540.0523] device (wlan0): supplicant interface state: scanning -> disconnected

Notice the line saying that key_mgmt is set to SAE FT-SAE.

After downgrading our WiFi to WPA2 only and retrying the commands from the documentation, the logs changed to:

Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9246] Config: added 'ssid' value 'test'
Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9246] Config: added 'scan_ssid' value '1'
Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9246] Config: added 'bgscan' value 'simple:30:-70:86400
'
Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9247] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9247] Config: added 'auth_alg' value 'OPEN'
Mar 15 08:39:19 Khadas NetworkManager[1167]: <info>  [1647333559.9247] Config: added 'psk' value '<hidden>'
Mar 15 08:39:20 Khadas NetworkManager[1167]: <info>  [1647333560.0440] device (wlan0): supplicant interface state: ready -> associating
Mar 15 08:39:20 Khadas NetworkManager[1167]: <info>  [1647333560.0440] device (p2p-dev-wlan0): supplicant management interface state: ready -> associating
Mar 15 08:39:22 Khadas NetworkManager[1167]: <info>  [1647333562.1121] device (wlan0): supplicant interface state: associating -> completed
Mar 15 08:39:22 Khadas NetworkManager[1167]: <info>  [1647333562.1122] device (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "test"
Mar 15 08:39:22 Khadas NetworkManager[1167]: <info>  [1647333562.1122] device (p2p-dev-wlan0): supplicant management interface state: associating -> completed
Mar 15 08:39:22 Khadas NetworkManager[1167]: <info>  [1647333562.1125] device (wlan0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')

Notice that key_mgmt is now set to WPA-PSK WPA-PSK-SHA256 FT-PSK. This seemed to do the trick.

For Reference:

# wpa_supplicant -v
wpa_supplicant v2.9
Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors
# nmcli --version
nmcli tool, version 1.22.10

christian5271 · March 15, 2022, 2:34pm

For comparison, I could successfully connect to our WPA2/WPA3 WiFi when booting the Android system which is preinstalled on the eMMC. So this is clearly a software issue, not a hardware issue.

foxsquirrel · March 15, 2022, 2:41pm

Do this first to see what you have available

$ nmcli connection show

christian5271 · March 15, 2022, 5:23pm

I guess you mean nmcli device wifi because nmcli connection show shows nothing unless you are connected?!

Well, it shows my WiFi network with WPA2 WPA3 in the security column.

foxsquirrel · March 15, 2022, 6:34pm

How did you configure the connection, using NMCLI??

If so, the khadas example shows WPA try WPA3. I briefly looked at the source code and it does have WPA3 so it should work.

Did you install network-manager

If installed

nmcli radio wifi on

christian5271 · March 15, 2022, 11:30pm

I was following the documentation exactly, so yes, I was using nmcli commands. This is the network-manager CLI, so the network-manager package is already installed and up to date (see reference).

How would I go about specifying WPA3 on the command line? It seems undocumented.

Also, the source code of what exactly? Do you have a reference, please?

Furthermore, the radio is on by default, so nmcli r wifi on makes no difference.

foxsquirrel · March 16, 2022, 1:08am

git clone git://git.freedesktop.org/git/NetworkManager/NetworkManager.git

The 5.16 RC does not have the wifi modem on by default you have to turn it on. When its on

nmcli r wifi

will display enabled.

if not

ncmli r wifi on

Don’t remember if the others ones are on by default.

You should see all in range, if you are on ssh terminal, widen the window so the security is visible

$ nmcli d wifi list
IN-USE BSSID SSID MODE CHAN RATE SIGNAL BARS SECURITY
  xx:xx:xx:xx:xx:xx  xxxxxxx  Infra  11    130 Mbit/s  78      ▂▄▆_  WPA1 WPA2 

FYI 5.16rc is not one of the “approved” by Khadas. You are on your own with that version.

christian5271 · March 16, 2022, 1:58am

I have reinstalled the 5.16-rc2 image and can assure you that the radio is on by default. Nevertheless, the result is the same: When listing the networks, the security column shows WPA2 WPA3 and I cannot connect to the WiFi. After downgrading the WiFi to WPA2 only, I can connect. After upgrading the WiFI to WPA2/WPA3 and switching off and on the radio again, the connection still works.

As said before, I also tried this with the old 4.9 Kernel and it made no difference.

Using the Android which comes preinstalled on the eMMC, I have no issues connecting to our WPA2/WPA3 WiFi. Also, I have three other types of SBCs in our lab. They are all running Ubuntu or Debian and they can connect without problems, even with older versions of the network manager and the WPA supplicant. One difference between these SBCs and the VIM3 is the Broadcom driver for the wireless module. So I suspect now that it has a bug.

Is there any workaround? You mentioned specifying WPA3 explitly when connecting, but I didn’t find any documentation on that.

foxsquirrel · March 16, 2022, 2:38am

At one time it seems like with netplan you could specify the protocol. Network manager documentation is void of any specific protocol so it would imply it is a driver issue…

You might be correct on the that, it does seem like the driver is in control of the selection.

christian5271 · March 16, 2022, 2:50am

Do you have a reference to the driver source code, please? I need to dig deeper. The VIM3 is an excellent device, but this could become a showstopper: I cannot ask our customers to temporarily downgrade their WiFi configuration.

foxsquirrel · March 16, 2022, 3:43am

clone the git repository, if I remember correctly under src ??? look in the .c and .h files. Don’t recall the exact one. That was not the driver source so the git might not do you much good, it is just the net-man code.

christian5271 · March 21, 2022, 4:49pm

For reference, here’s the detail output:

# nmcli -p -f general,wifi-properties device show wlan0
===============================================================================
                            Device details (wlan0)
===============================================================================
GENERAL.DEVICE:                         wlan0
GENERAL.TYPE:                           wifi
GENERAL.NM-TYPE:                        NMDeviceWifi
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/Devices/3
GENERAL.VENDOR:                         Broadcom Corp.
GENERAL.PRODUCT:                        --
GENERAL.DRIVER:                         brcmfmac
GENERAL.DRIVER-VERSION:                 9.87.51.11
GENERAL.FIRMWARE-VERSION:               01-c7feb1ee
GENERAL.HWADDR:                         ??:??:??:??:??:??
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.REASON:                         0 (No reason given)
GENERAL.IP4-CONNECTIVITY:               4 (full)
GENERAL.IP6-CONNECTIVITY:               4 (full)
GENERAL.UDI:                            /sys/devices/platform/soc/ffe03000.sd/mmc_host/mmc2/mmc2:0001/mmc2:0001:1/net/w>
GENERAL.IP-IFACE:                       wlan0
GENERAL.IS-SOFTWARE:                    no
GENERAL.NM-MANAGED:                     yes
GENERAL.AUTOCONNECT:                    yes
GENERAL.FIRMWARE-MISSING:               no
GENERAL.NM-PLUGIN-MISSING:              no
GENERAL.PHYS-PORT-ID:                   --
GENERAL.CONNECTION:                     test
GENERAL.CON-UUID:                       eb9032e2-0a7b-4017-a12b-07a865f51401
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
GENERAL.METERED:                        no (guessed)
-------------------------------------------------------------------------------
WIFI-PROPERTIES.WEP:                    yes
WIFI-PROPERTIES.WPA:                    yes
WIFI-PROPERTIES.WPA2:                   yes
WIFI-PROPERTIES.TKIP:                   yes
WIFI-PROPERTIES.CCMP:                   yes
WIFI-PROPERTIES.AP:                     yes
WIFI-PROPERTIES.ADHOC:                  yes
WIFI-PROPERTIES.2GHZ:                   yes
WIFI-PROPERTIES.5GHZ:                   yes
WIFI-PROPERTIES.MESH:                   no
WIFI-PROPERTIES.IBSS-RSN:               no
-------------------------------------------------------------------------------

foxsquirrel · March 21, 2022, 7:49pm

At least we know it does not have it.

Just purchased a brand new Linksys Wifi router so we can test WPA3 and guess what, it does not have it… rather surprising. Never thought about that until you mentioned it.

When the customer specs out WPA3 you don’t have much choice. We are trying to decide too. The Edge V is a better fit for us with the high data transfer rate on PCIe bus. We did work out some thermal issues with both of them and now that is resolved its turned into a wait and see game. Both boards are very good, actually they leave the competitors in the dust.

We have not had the need to integrate WPA3 into anything,yet so hopefully that issue will not come up for while.