Lack of WPA3 Support in wifi connection

[Bartosz-lab]

Describe the issue you are experiencing

The current version does not support the WPA3 wifi protocol.

Expected Behavior:
The system should support WPA3, allowing connection to Wi-Fi networks using this standard.

Steps to Reproduce:
Attempt to connect a device to a Wi-Fi network secured with only WPA3.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Steps to reproduce the issue

1. Attempt to connect a device to a Wi-Fi network secured with only WPA3. (via GUI or CLI)

Anything in the Supervisor logs that might be useful for us?

2024-10-11 19:58:27.268 homeassistant.local wpa_supplicant[516]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
2024-10-11 19:58:27.277 homeassistant.local NetworkManager[505]: <info>  [1728676707.2763] device (wlan0): Activation: starting connection 'Supervisor wlan0' (xxx)
2024-10-11 19:58:27.277 homeassistant.local systemd-resolved[502]: wlan0: Bus client set default route setting: no
2024-10-11 19:58:27.279 homeassistant.local NetworkManager[505]: <info>  [1728676707.2788] device (wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:27.280 homeassistant.local systemd-resolved[502]: wlan0: Bus client reset DNS server list.
2024-10-11 19:58:27.280 homeassistant.local NetworkManager[505]: <info>  [1728676707.2804] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:27.284 homeassistant.local NetworkManager[505]: <info>  [1728676707.2828] device (wlan0): Activation: (wifi) access point 'Supervisor wlan0' has security, but secrets are required.
2024-10-11 19:58:27.284 homeassistant.local NetworkManager[505]: <info>  [1728676707.2831] device (wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:27.288 homeassistant.local NetworkManager[505]: <info>  [1728676707.2875] device (wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:27.288 homeassistant.local NetworkManager[505]: <info>  [1728676707.2882] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:27.289 homeassistant.local NetworkManager[505]: <info>  [1728676707.2893] device (wlan0): Activation: (wifi) connection 'Supervisor wlan0' has security, and secrets exist.  No new secrets needed.
2024-10-11 19:58:27.289 homeassistant.local NetworkManager[505]: <info>  [1728676707.2896] Config: added 'ssid' value 'SSID-IoT'
2024-10-11 19:58:27.290 homeassistant.local NetworkManager[505]: <info>  [1728676707.2899] Config: added 'scan_ssid' value '1'
2024-10-11 19:58:27.290 homeassistant.local NetworkManager[505]: <info>  [1728676707.2899] Config: added 'bgscan' value 'simple:30:-65:300'
2024-10-11 19:58:27.290 homeassistant.local NetworkManager[505]: <info>  [1728676707.2899] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
2024-10-11 19:58:27.290 homeassistant.local NetworkManager[505]: <info>  [1728676707.2902] Config: added 'auth_alg' value 'OPEN'
2024-10-11 19:58:27.290 homeassistant.local NetworkManager[505]: <info>  [1728676707.2902] Config: added 'psk' value '<hidden>'
2024-10-11 19:58:31.110 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:58:31.110 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:58:31.218 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:58:31.322 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:58:31.426 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52
2024-10-11 19:58:33.090 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd090 fail, reason -52
2024-10-11 19:58:33.090 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd095 fail, reason -52
2024-10-11 19:58:33.090 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd099 fail, reason -52
2024-10-11 19:58:33.091 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd09d fail, reason -52
2024-10-11 19:58:33.091 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a1 fail, reason -52
2024-10-11 19:58:33.091 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a5 fail, reason -52
2024-10-11 19:58:33.099 homeassistant.local NetworkManager[505]: <info>  [1728676713.0988] device (wlan0): supplicant interface state: disconnected -> scanning
2024-10-11 19:58:33.101 homeassistant.local NetworkManager[505]: <info>  [1728676713.0989] device (p2p-dev-wlan0): supplicant management interface state: disconnected -> scanning
2024-10-11 19:58:37.002 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:58:37.002 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:58:37.110 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:58:37.214 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:58:37.305 homeassistant.local systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
2024-10-11 19:58:37.318 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52
2024-10-11 19:58:38.982 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd090 fail, reason -52
2024-10-11 19:58:38.982 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd095 fail, reason -52
2024-10-11 19:58:38.982 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd099 fail, reason -52
2024-10-11 19:58:38.983 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd09d fail, reason -52
2024-10-11 19:58:38.983 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a1 fail, reason -52
2024-10-11 19:58:38.983 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a5 fail, reason -52
2024-10-11 19:58:47.918 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:58:47.918 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:58:48.026 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:58:48.130 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:58:48.234 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52
2024-10-11 19:58:49.898 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd090 fail, reason -52
2024-10-11 19:58:49.898 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd095 fail, reason -52
2024-10-11 19:58:49.898 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd099 fail, reason -52
2024-10-11 19:58:49.899 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd09d fail, reason -52
2024-10-11 19:58:49.899 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a1 fail, reason -52
2024-10-11 19:58:49.899 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a5 fail, reason -52
2024-10-11 19:58:52.332 homeassistant.local NetworkManager[505]: <warn>  [1728676732.3321] device (wlan0): Activation: (wifi) association took too long, failing activation
2024-10-11 19:58:52.334 homeassistant.local NetworkManager[505]: <info>  [1728676732.3322] device (wlan0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
2024-10-11 19:58:52.335 homeassistant.local wpa_supplicant[516]: wlan0: CTRL-EVENT-DSCP-POLICY clear_all
2024-10-11 19:58:52.336 homeassistant.local NetworkManager[505]: <warn>  [1728676732.3343] device (wlan0): Activation: failed for connection 'Supervisor wlan0'
2024-10-11 19:58:52.337 homeassistant.local NetworkManager[505]: <info>  [1728676732.3354] device (wlan0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
2024-10-11 19:58:52.344 homeassistant.local NetworkManager[505]: <info>  [1728676732.3443] device (wlan0): supplicant interface state: scanning -> disconnected
2024-10-11 19:58:52.344 homeassistant.local NetworkManager[505]: <info>  [1728676732.3444] device (p2p-dev-wlan0): supplicant management interface state: scanning -> disconnected
2024-10-11 19:58:56.270 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:58:56.270 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:58:56.378 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:58:56.482 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:58:56.586 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52
2024-10-11 19:58:58.250 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd090 fail, reason -52
2024-10-11 19:58:58.250 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd095 fail, reason -52
2024-10-11 19:58:58.250 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd099 fail, reason -52
2024-10-11 19:58:58.250 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd09d fail, reason -52
2024-10-11 19:58:58.251 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a1 fail, reason -52
2024-10-11 19:58:58.251 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a5 fail, reason -52
2024-10-11 19:59:02.386 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:59:02.386 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:59:02.494 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:59:02.598 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:59:02.702 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52
2024-10-11 19:59:04.366 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd090 fail, reason -52
2024-10-11 19:59:04.366 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd095 fail, reason -52
2024-10-11 19:59:04.366 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd099 fail, reason -52
2024-10-11 19:59:04.366 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd09d fail, reason -52
2024-10-11 19:59:04.367 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a1 fail, reason -52
2024-10-11 19:59:04.367 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd0a5 fail, reason -52
2024-10-11 19:59:08.500 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0x100e fail, reason -52
2024-10-11 19:59:08.502 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd022 fail, reason -52
2024-10-11 19:59:08.610 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd026 fail, reason -52
2024-10-11 19:59:08.714 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02a fail, reason -52
2024-10-11 19:59:08.817 homeassistant.local kernel: brcmfmac: brcmf_set_channel: set chanspec 0xd02e fail, reason -52

System Health information

Supervisor diagnostics

No response

Additional information

I propose two possible solutions:

1. Recommended - Drop support for WEP
   This would simplify the changes. We can stop setting the CONF_ATTR_802_WIRELESS_SECURITY_AUTH_ALG variable, allowing automatic selection between WPA2 and WPA3.
   

   supervisor/supervisor/dbus/network/setting/generate.py

   Lines 212 to 233 in e2ada42

   	if interface.wifi and interface.wifi.auth != "open":
   	wireless["security"] = Variant("s", CONF_ATTR_802_WIRELESS_SECURITY)
   	wireless_security = {}
   	if interface.wifi.auth == "wep":
   	wireless_security[CONF_ATTR_802_WIRELESS_SECURITY_AUTH_ALG] = Variant(
   	"s", "open"
   	)
   	wireless_security[CONF_ATTR_802_WIRELESS_SECURITY_KEY_MGMT] = Variant(
   	"s", "none"
   	)
   	elif interface.wifi.auth == "wpa-psk":
   	wireless_security[CONF_ATTR_802_WIRELESS_SECURITY_AUTH_ALG] = Variant(
   	"s", "open"
   	)
   	wireless_security[CONF_ATTR_802_WIRELESS_SECURITY_KEY_MGMT] = Variant(
   	"s", "wpa-psk"
   	)
   	if interface.wifi.psk:
   	wireless_security[CONF_ATTR_802_WIRELESS_SECURITY_PSK] = Variant(
   	"s", interface.wifi.psk
   	)

2. Add a third option to select SAE mode
   In this approach, we would explicitly set CONF_ATTR_802_WIRELESS_SECURITY_AUTH_ALG to sae and CONF_ATTR_802_WIRELESS_SECURITY_KEY_MGMT to sae.

[agners]

We did consider adding WPA3 in the past, one reason we did not do it was lack of support from Raspberry Pi (see raspberrypi/linux#4718). There are firmwares and combination of software where it supposedly works, but with caveat.

What hardware are you using?

[Bartosz-lab]

Oh, I'm using a Raspberry Pi 4 :(

I have tested WPA3 on x86 hardware, and it appears that WPA3 works correctly. NetworkManager automatically ignores the CONF_ATTR_802_WIRELESS_SECURITY_KEY_MGMT=open option and defaults to sae when WPA3 is available.

Once WPA3 support is added to the Raspberry Pi, it should work seamlessly out of the box. However, to avoid potential confusion when auto-selecting between WPA2 and WPA3, we can leave the CONF_ATTR_802_WIRELESS_SECURITY_KEY_MGMT variable unset. This way, NetworkManager will automatically choose the appropriate option.