Score:0

Is WPA3 support depends on hardware or software (or both)?

cn flag

I upgraded my router's firmware to OpenWrt 21.02 which introduces WPA3 support.

My experience is awful about that. Devices (tablets, phones, laptops) can't estabilish connection, except when I switch encryption to WPA2.

If I'am not mistaken, WPA3 support added to Ubuntu in 20.04 LTS. In Android platform, this feature added in Android 10. My laptops run Ubuntu 20.04 and a few Android devices run Android 10 / 11.

However WPA3 still doesn't work. My ubuntu based laptops can see the WPA3 network SSID, but connection is unsuccessful. My Android devices can't even see SSID. I wonder hardware (network cards) is obsolete in my devices and maybe that's my problem.

So WPA3 support depends on your hardware, or just your software (operating system)?

Pilot6 avatar
cn flag
This question is unrelated to Ubuntu. WPA3 is software and it works in Ubuntu. It does work with Openwrt 21.02.
chili555 avatar
cn flag
This suggests that WPA3 is also hardware related: https://www.intel.com/content/www/us/en/support/articles/000054783/wireless.html Many later Intel devices but not, for example my Intel 7260.
Pilot6 avatar
cn flag
@chili555 That list is for Windows 10. I didn't test 7260 on Ubuntu yet, but it is quite easy to do.
Pilot6 avatar
cn flag
Oh, i forgot that I did. I have a laptop with 7260. WPA3 works. WPA3 works with Openwrt on ancient routers.
chili555 avatar
cn flag
@Pilot6 Are you confirming that WPA3 is *not* hardware related and that it is solely governed by the router?
Pilot6 avatar
cn flag
Well, I didn't dig deep into the issue. But I can confirm that WPA3 works on 15-year-old routers and that Intel 7260 works too. I think hardware encryption acceleration isn't used, but old hardware is supported on Linux. The encryption is done by openssl or wolfssl, that is pure software.
Score:4
vn flag

WPA3 support is purely based on software. There is no dedicated hardware required to run either WPA version.

Consider the following announcement, and specifically the quote from Cisco:

Cisco is in full support of Wi-Fi Alliance’s continual focus on security evolution to WPA3. The WPA3 program will bring much needed upgrades to wireless security protecting all levels of customers from consumer to enterprise/government. Cisco is committed to integrating WPA3 features into our Aironet Access Points and Wireless Controllers via a firmware upgrade so that our existing and new customers can take advantage of the capabilities offered by WPA3. - Greg Dorai, Vice President Cisco WLAN, Cisco

This clearly states that WPA3 support for proprietary devices can be added with a firmware upgrade - which is purely software, and not a hardware feature.

But of course, the hardware vendor has to release such a firmware update, before you can connect with WPA3 from your Ubuntu PC (or any other device).

anx avatar
cc flag
anx
Do firmware woes not become hard(ware) problems, after the "vendor has to" ship [has](https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html) [sailed](https://www.intel.com/content/www/us/en/support/articles/000006507/wireless.html)?
Artur Meinild avatar
vn flag
That depends on how you read/define *"depend on hardware"*. I interpret this as if there are specific hardware requirements - which is *not* the case. But it is a prerequisite that the vendor supports their hardware with appropriate software (firmware) for functions like WPA3 to work. But since you put up the bounty, you'll ultimately decide which answer works best for you.
anx avatar
cc flag
anx
I am trying to confirm my *vague suspicion* that some dedicated hardware specifically *ruins* either WPA version (with little consequence in the distinction between the vendor unable or unwilling to assist), while some hardware continues to work with new crypto without depending on the vendors *commitment*. Cisco has some examples that could be upgraded? Good for them, but not necessarily generalizable. Lets draw the line where it matters for using Ubuntu - can I fix it in Ubuntu, or can Canonical fix it?
Score:2
cn flag

Delete old WPA2 connections in Ubuntu and connect again using your password.

Probably you configured Openwrt a wrong way.

Also there is WPA2/WPA3 option in Openwrt.

I can confirm that WPA3 works on old routers with e.g. AR922X wireless chips and also it does work on really old hardware Ubuntu clients.

The encryption part is done by openssl or wolfssl, so I don't see how hardware may stop it.

Score:0
cc flag
anx

Both. Ubuntu does depend on certain properties of the NIC hardware (and their, possibly loadable, firmware), though they do not specifically need to advertise support for WPA3. There are known examples of otherwise compatible older hardware that won't work. Such can be identified by inquiring capabilities from the driver, which will lack MFP support:

sudo find /sys/kernel/debug/ieee80211/ -name hwflags  -exec \
 sh -c "grep -q MFP_CAPABLE '{}' && echo '# OK: {}' || echo '# MISSING SUPPORT: {}'" ';'
# MISSING SUPPORT: /sys/kernel/debug/ieee80211/phy0/hwflags
# OK: /sys/kernel/debug/ieee80211/phy1/hwflags
# OK: /sys/kernel/debug/ieee80211/phy2/hwflags

My working theory is that the entire iwldvm driver is affected, so Intel cards with names like Advanced-N 6205 or 6200AGN can not be used in WPA3 networks, even when running modern Ubuntu version. This may or may not be a physical lack of feature or defect in the NICs. If it is a software issue, it is not one likely to be solvable, as Intel has not provided firmware updates beyond 2010. In any case, they are said to break kernel features that could otherwise make up for their lack in crypto hardware-acceleration.

Artur Meinild avatar
vn flag
So this answer is basically states that some hardware vendors dont provide proper firmware updates. This shouldn't be too surprising, but I fail the see how it answers the question...
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.