On 2022-08-28 09:34, Markus Volk wrote:
Am Sa, 27. Aug 2022 um 20:24:55 -0400 schrieb Randy MacLeod
<[email protected]>:
It's a little late in the release cycle for this sort of change but
if we do take it can you add a short list of some of the alternatives
It's not a long list. Choices so far would be wpa_supplicant or iwd.
wpa_supplicant is well known, so I'll write some information about iwd
that I've collected in the last days.
iwd is a wireless daemon written by intel and supported by all major
network managers. It can be run in standalone mode and configured with
'iwctl' from the terminal, and with 'iwgtk' or 'iwdgui' from the gui.
It can also work as a wpa_supplicant drop-in replacement for
network-manager, connman or systemd-networkd.
iwd makes heavy use of the kernel api, so it is not portable but does
not need additional external libraries like openssl. Instead, make
sure that the following options are enabled in the kernel:
CONFIG_CRYPTO_USER_API_SKCIPHER
CONFIG_CRYPTO_USER_API_HASH
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_CMAC
Most of these config options are set but CRYPTO_CMAC is missing in the
kernel cache as shown below but it's enabled in 5.19 without an explicit
setting:
root@qemux86-64:~# uname -a
Linux qemux86-64 5.19.0-yocto-standard #1 SMP PREEMPT_DYNAMIC Mon Aug 8
22:57:25 UTC 2022 x86_64 GNU/Linux
root@qemux86-64:~# zcat /proc/config.gz | grep CRYPTO_CMAC
CONFIG_CRYPTO_CMAC=y
# Save your list of modules to /tmp/iwd-modules
$ cd .../yocto-kernel-cache.git
$ git checkout yocto-5.15
$ git pull
$ for i in `cat /tmp/iwd-modules`; do rg -q $i || echo $i ": NOT FOUND";
done
CONFIG_CRYPTO_CMAC : NOT FOUND
Same for 5.10, 5.19.
CONFIG_CRYPTO_MD4
CONFIG_CRYPTO_MD5
CONFIG_CRYPTO_SHA256
CONFIG_CRYPTO_SHA512
CONFIG_CRYPTO_AES
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_DES
CONFIG_CRYPTO_CBC
optional for wps support would also be needed:
CONFIG_KEY_DH_OPERATIONS
https://cateee.net/lkddb/web-lkddb/KEY_DH_OPERATIONS.html
root@qemux86-64:~# zcat /proc/config.gz | grep KEY_DH_OPERATIONS
# CONFIG_KEY_DH_OPERATIONS is not set
Not set in 5.19 yocto-kernel-cache right now either.
and not indirectly enabled either:
root@qemux86-64:~# zcat /proc/config.gz | grep KEY_DH_OPERATIONS
# CONFIG_KEY_DH_OPERATIONS is not set
Someone can add a config fragment to yocto-kernel-cache if needed.
In standalone mode iwd can use either systemd-resolved or resolvconf
as dns manager. Additionally, dbus communication must be configured.
In the default configuration, iwd expects the user to be a member of
either the 'netdev' or 'wheel' group.
As a backend for the network managers, I have only tested iwd with
connman, which works smoothly and without additional configuration as
soon as you make sure that wpa_supplicant is not installed. (connman
will look for wpa_supplicant on startup and will bring it up if it
was found)
but you only want the information from the first sentence in the
commit message, right ?
Up to and including:
"... not need additional external libraries like openssl."
works for me.
Thanks for the great explanation.
--
# Randy MacLeod
# Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#169986):
https://lists.openembedded.org/g/openembedded-core/message/169986
Mute This Topic: https://lists.openembedded.org/mt/93285166/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
