Rpi 3A+/3B+/4B wifi - BCM4345 and CTRL-EVENT-ASSOC-REJECT when using handshake offloading
I encountered an issue with the wifi on my 3A+/4B not willing to connect to my AP, while my 3B was perfectly happy with it.
Turns out it's a driver issue with 'brcmfmac' and the BCM4345 chipset that's in newer RPI models.
I'm using raspios bullseye (2022-09-22-raspios-bullseye-arm64-lite.img.xz).
wpa_supplicant kept insisting that
sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0 Successfully initialized wpa_supplicant wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz) wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16 wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz) wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16 wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz) wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16 [etc]
Why is this happening ?
After a LOT of troubleshooting and tests, and web searching, I stumbled upon several interesting pages and bug reports :
- A wiki page in IWD's wiki kernel.org : https://iwd.wiki.kernel.org/offloading- mirror with an explanation as to why this happens
- A bug report linked in the page above : https://email@example.com/ - mirror
- Another bug report on launchpad.net https://bugs.launchpad.net/raspbian/+bug/1929746 - mirror
From the wiki linked above :
Certain drivers support offloading the 4-way handshake as well as SAE/WPA3 into the firmware. For drivers which do not support user space driven Authenticate/Associate frames this is the only way to enable features such as SAE/WPA3 or Fast Transition roaming. Handshake offloading (both WPA2 and WPA3) is enabled in IWD by default for drivers which advertise support. The driver support, however, can be disabled on brcmfmac which will be discussed further. Handshake offloading has only been tested on the brcmfmac driver, and this wiki page assumes this driver is being used.
If you are using brcmfmac and are experiencing problems such as not being able to connect to a network which you previously could, you may want to disable handshake offloading.
The brcmfmac driver has a module parameter called 'feature_disable'. It expects a hex value (bitmask) where each bit corresponds to a feature [...]. The features we care about here are 'SAE' and 'FWSUP'. These features (when enabled) are listed in /sys/kernel/debug/ieee80211/
/features so you can first see if your card even supports these before trying to debug further.
On the rpi 3A+ and 4B, here'is what
/sys/kernel/debug/ieee80211/<phy>/features gives us :
# cat /sys/kernel/debug/ieee80211/phy0/features Features: 001428d6 MCHAN PNO P2P TDLS SCAN_RANDOM_MAC MFP FWSUP DOT11H FWAUTH Quirks: 00000000
To turn off offloading you need to remove the brcmfmac module, then reinsert it with the feature_disable option:
sudo rmmod brcmfmac sudo modprobe brcmfmac feature_disable=0x82000
This will disable both SAE (0x80000) and FWSUP (0x02000). You could disable just one, but this is not suggested due to a bug which prevents EAPoL frames from being forwarded after offloading is used for the first time.
You can resolve the issue by using only
feature_disable=0x02000 if you're sure you won't ever have a WPA3/SAE AP around, but due to the bug mentionned above, you might want to be on the safe side and disable SAE as well while this bug exists.
sudo rmmod brcmfmac sudo modprobe brcmfmac roamoff=1 feature_disable=0x82000
Driver options on boot
If that fixes things for you and you want to make this setting persistent, you can create a file with these options in '/etc/modprobe.d', e.g ;
echo 'options brcmfmac roamoff=1 feature_disable=0x82000' | sudo tee /etc/modprobe.d/brcmfmac.conf
This will make sure the settings are applied when the driver loads.
The 3A+/3B+/4B are equipped with a BCM4345 chipset so this should solve wifi issues with those models.