diff mbox series

[v4,1/2] wpa-supplicant: enable OWE support

Message ID 20251218030448.1505377-2-miaoqing.pan@oss.qualcomm.com
State New
Headers show
Series wpa_supplicant: enable OWE and 802.11be | expand

Commit Message

Miaoqing Pan Dec. 18, 2025, 3:04 a.m. UTC 
Enable Opportunistic Wireless Encryption (OWE) in wpa_supplicant for
easier testing and examples by setting CONFIG_OWE=y in defconfig.

OWE is standardized in IEEE Std 802.11-2024 and specified by RFC
8110 (updated by RFC 9672).

Disable OWE when PACKAGECONFIG selects gnutls to prevent build
failures.

Signed-off-by: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com>
---
 ...-Opportunistic-Wireless-Encryption-O.patch | 39 +++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.11.bb     |  4 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch
new file mode 100644
index 0000000000..7311b76b6f
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch
@@ -0,0 +1,39 @@ 
+From fb043a27324ba81502b8986a31222f38aa414bbf Mon Sep 17 00:00:00 2001
+From: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com>
+Date: Thu, 18 Dec 2025 09:46:03 +0800
+Subject: [PATCH 1/3] defconfig: Update Opportunistic Wireless Encryption (OWE)
+ state
+
+OWE enhances privacy in public and enterprise environments where open
+networks are prevalent. Enabling OWE aligns with modern security best
+practices and supports the testing and development of OWE-capable
+devices.
+
+OWE is now standardized in IEEE Std 802.11-2024 while it was originally
+specified in IETF RFC 8110 (updated by RFC 9672). It is not experimental
+anymore, i.e., there has been significant interoperability testing and
+there are deployed cases.
+
+Signed-off-by: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com>
+Upstream-Status: Backport [https://git.w1.fi/cgit/hostap/commit/?id=39db92dcf301793ce45a8ebf85c425f67c670058]
+---
+ wpa_supplicant/defconfig | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
+index 52befd8..044604a 100644
+--- a/wpa_supplicant/defconfig
++++ b/wpa_supplicant/defconfig
+@@ -638,8 +638,7 @@ CONFIG_BGSCAN_SIMPLE=y
+ #CONFIG_BGSCAN_LEARN=y
+ 
+ # Opportunistic Wireless Encryption (OWE)
+-# Experimental implementation of draft-harkins-owe-07.txt
+-#CONFIG_OWE=y
++CONFIG_OWE=y
+ 
+ # Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
+ CONFIG_DPP=y
+-- 
+2.34.1
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
index 6ba10a8ca9..50f16e935d 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
@@ -16,6 +16,7 @@  SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
            file://0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch \
+           file://0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch \
            file://CVE-2025-24912-01.patch \
            file://CVE-2025-24912-02.patch \
            "
@@ -45,7 +46,8 @@  do_configure () {
 		echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config
 		sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \
 		    -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \
-		    -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config
+		    -e 's/\(^CONFIG_SAE=\)/#\1/' \
+		    -e 's/\(^CONFIG_OWE=\)/#\1/' wpa_supplicant/.config
 	fi
 
 	# For rebuild