• State Not Answered
  • Replies 7 replies
  • Subscribers 75 subscribers
  • Views 122 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 345816
Options

Update to NCS3.0.0 broke wifi WPA2-PSK connect?

BrianW

Custom PCB with nrf5340/nrf7002. Currently was using NCS2.9.0, with WPA2-PSK connection to the wifi.

While trying to enable use of WPA2-Enterprise, I updated to NCS3.0.0 (to see if the increased flash requirement of around 45kB! was perhaps less). This turned out to be WAY worse (another 49kB on top for identical prj.conf), but also broke the WP2-PSK connection it seems?

Previous it would connect fine, but now it times out and I see these logs:

[00:02:21.108,764] <err> wpa_supp: Error in pbkdf2_sha1()
[00:02:21.110,382] <err> wpa_supp: Line 0: invalid key_mgmt 'SAE'

Any idea what these mean? I previously had the SAE log from time to time : I assumed this is for WPA3 with SAE key exchange which I wasn't using (WPA2-PSK) and it didn't block the connection.

If anyone has any ideas about how to trim down the wifi stack usage also I'd be interested too as it no longer fits in the flash on my nrf5340 (and yes, I already have the nrf70 fw and all other mcyboot slots in a external flash...)

Parents
  • 0

    Hi Bryan,

    I am sorry to hear that. It's true that these Wi-Fi features are currently very memory hungry. Are you saying that Enterprise did work for you in 2.9?

    Regards,

    Elfving

  • 0 in reply to Elfving

    I haven't been able to try the enterprise wifi connection yet. My question here concerns WPA2-PSK on NCS3.0.0 vs NCS2.9.0: this works on 2.9 but fails to connect on 3.0. (application code is identical)

    On 2.9 I get the SAE error (can you explain what this refers to?)

    On 3.0 I get the SAE error but also the pbkdf2_sha1 error, which seems to be related to it not managing to connect?

    So on NCS 3.0 not even WPA2-PSK is working for me...

    Note: For the memory usage, in NCS2.9.0 a rom_report tells me that around 350kB is required to use IP networking over wifi with WPA2-PSK  (between wifi drivers, TCP/IP, mbedtls, wpa_supp etc) - without adding 'enterprise' and WPA3 support. And this does not include the 79kB of nrf70 fw code that is stored in external flash).

    This is 35% of the nrf5340's internal flash, just to be able to connect a MQTT client... I can see no way to reduce this overhead currently.

  • 0 in reply to BrianW

    I see someone else has experience the same issue on NCS 3.0.1, something about the mbedtls heap? 

    what has changed from 2.9.0?

  • 0 in reply to BrianW
    BrianW said:
    I haven't been able to try the enterprise wifi connection yet. My question here concerns WPA2-PSK on NCS3.0.0 vs NCS2.9.0: this works on 2.9 but fails to connect on 3.0. (application code is identical)

    Ah okay, seems I just misunderstood you for a second there. 

    BrianW said:
    This is 35% of the nrf5340's internal flash, just to be able to connect a MQTT client... I can see no way to reduce this overhead currently.

    Hmm, this a surprise to me at least. I can check. You are seeing this on your custom application, right? Are you seeing this with a sample as well? Could you get me the exact build command that was used?

    Regards,

    Elfving

  • 0 in reply to Elfving

    This is my custom application, which is now at 970kB (the absolute limit to fix in the 1Mb flash with mcuboot as well)

    If you build just wifi-sta sample with WPA2 enterprise (and not even an MQTT or HTTP client in that sample) you will find the application size is over 350kB....

    To return to the problem : 

    BrianW said:
    [00:02:21.110,382] <err> wpa_supp: Line 0: invalid key_mgmt 'SAE'

    what does this signify?

    and

    BrianW said:
    [00:02:21.108,764] <err> wpa_supp: Error in pbkdf2_sha1()

    which seems to be the problem stopping WPA2-PSK working in NCS 3.0.0.

    I now think that this is because the libc heap is at 0 in the NCS3.0 build (as the networking code is using its own sysheap my code then uses the system sysheap, so k_malloc() instead of malloc().) And because 

    CONFIG_MBEDTLS_ENABLE_HEAP=y

    by default, but the heap is size 0, the mbedtls fn fails. 

    So, either I set CONFIG_MBEDTLS_ENABLE_HEAP=n, or I leave the libc heap in place I guess?

  • 0 in reply to BrianW
    BrianW said:
    If you build just wifi-sta sample with WPA2 enterprise (and not even an MQTT or HTTP client in that sample) you will find the application size is over 350kB....

    Just built wifi-sta NCS2.9.0, just added to the prj.conf:

    # WPA-PSK, WPA2-Enterprise, WPA3-SAE for at least EAP-TLS
    CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE=y
    CONFIG_WIFI_NM_WPA_SUPPLICANT_WPA3=y
    # Only support EAP TLS method
    CONFIG_EAP_ALL=n
    CONFIG_EAP_TLS=y

    This gives an image size of around 640kB - with basically NO application code in it!

    [5/10] Performing build step for 'wifi_sta'
    [10/434] Generating include/generated/zephyr/version.h
    -- Zephyr version: 3.7.99 (C:/ncs/v2.9.0/zephyr), build: v3.7.99-ncs2
    [434/434] Linking C executable zephyr\zephyr.elf
    Memory region Used Size Region Size %age Used
    FLASH: 645196 B 1 MB 61.53%
    RAM: 225780 B 448 KB 49.22%
    IDT_LIST: 0 GB 32 KB 0.00%

    This is squeezable (put nrf70 fw into external flash, remove all logging from WPA) but still, it casts a doubt on the reality of using the nrf5340 with just 1Mb of internal flash for any real wifi based application....

  • 0 in reply to BrianW

    Update : this image did not manage to connect to a wifi AP; turns out it did not include the nrf70 fw (sysbuild issue).

    Final image size (for wifi_sta sample with WPA2 enterprise enabled) is:

    [7/7] Linking C executable zephyr\zephyr.elf
    Memory region Used Size Region Size %age Used
    FLASH: 803188 B 1 MB 76.60%
    RAM: 414512 B 448 KB 90.36%
    IDT_LIST: 0 GB 32 KB 0.00%

    It also required as you will note substantial increases in the heap size and stack sizes to be able to run.

    WPA2-PSK and WPA3-SAE work with this image;  however, I cannot get WPA2 Enterprise with EAP-TLS to connect... I will open a seperate ticket for this issue.

Reply
  • 0 in reply to BrianW

    Update : this image did not manage to connect to a wifi AP; turns out it did not include the nrf70 fw (sysbuild issue).

    Final image size (for wifi_sta sample with WPA2 enterprise enabled) is:

    [7/7] Linking C executable zephyr\zephyr.elf
    Memory region Used Size Region Size %age Used
    FLASH: 803188 B 1 MB 76.60%
    RAM: 414512 B 448 KB 90.36%
    IDT_LIST: 0 GB 32 KB 0.00%

    It also required as you will note substantial increases in the heap size and stack sizes to be able to run.

    WPA2-PSK and WPA3-SAE work with this image;  however, I cannot get WPA2 Enterprise with EAP-TLS to connect... I will open a seperate ticket for this issue.

Children
No Data
Related
Terms of service