diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2025-07-23 09:45:04 +0300 |
|---|---|---|
| committer | Miri Korenblit <miriam.rachel.korenblit@intel.com> | 2025-07-23 14:10:24 +0300 |
| commit | 0636800c8ee1daa55c9f0f00e8af869645dab4df (patch) | |
| tree | de8be7209770e89474768e3efeff58a10a6a8643 /drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | |
| parent | 0dd86ab21dbbcef7cd7cb1eb303e1803ed32a5f3 (diff) | |
wifi: iwlwifi: disable certain features for fips_enabled
When fips_enabled is set, keys will not be given to the
hardware by mac80211 since the hardware isn't certified.
In this case, various features cannot work correctly as
the firmware needs to handle frames, but it then cannot
since no keys are available.
Disable features:
- WoWLAN since no keys etc.
- MFP since some frames need to be handled in firmware
- EHT/6GHz since MFP is required
Also restrict A-MSDU size since A-MSDUs cannot be split
up by hardware and thus need to fit into the RX buffers
in one piece.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20250723094230.329fade58a27.I0be27dd329643cc5fdf79a8c8b8f6d2e6fb5c175@changeid
Diffstat (limited to 'drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c')
| -rw-r--r-- | drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c index fa9d5e0b6609..55ae1caded53 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c @@ -5,6 +5,7 @@ * Copyright (C) 2016-2017 Intel Deutschland GmbH */ #include <linux/kernel.h> +#include <linux/fips.h> #include <linux/slab.h> #include <linux/skbuff.h> #include <linux/netdevice.h> @@ -461,7 +462,9 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm) IWL_ERR(mvm, "iwlmvm doesn't allow to disable BT Coex, check bt_coex_active module parameter\n"); - ieee80211_hw_set(hw, MFP_CAPABLE); + if (!fips_enabled) + ieee80211_hw_set(hw, MFP_CAPABLE); + mvm->ciphers[hw->wiphy->n_cipher_suites] = WLAN_CIPHER_SUITE_AES_CMAC; hw->wiphy->n_cipher_suites++; if (iwl_mvm_has_new_rx_api(mvm)) { @@ -485,12 +488,17 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm) hw->wiphy->pmsr_capa = &iwl_mvm_pmsr_capa; } - if (sec_key_ver && + /* + * beacon protection must be handled by firmware, + * so cannot be done with fips_enabled + */ + if (!fips_enabled && sec_key_ver && fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_BIGTK_TX_SUPPORT)) wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_BEACON_PROTECTION); - else if (fw_has_capa(&mvm->fw->ucode_capa, + else if (!fips_enabled && + fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_BIGTK_SUPPORT)) wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT); @@ -730,7 +738,7 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm) #ifdef CONFIG_PM_SLEEP if ((unified || mvm->fw->img[IWL_UCODE_WOWLAN].num_sec) && - device_can_wakeup(mvm->trans->dev)) { + device_can_wakeup(mvm->trans->dev) && !fips_enabled) { mvm->wowlan.flags |= WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT | WIPHY_WOWLAN_EAP_IDENTITY_REQ | |