From: Kevin Lo
Subject: Re: wifi protected management frame (PMF) support
To: tech@openbsd.org
Date: Wed, 26 Nov 2025 13:31:35 +0800

On Sat, Nov 22, 2025 at 10:45:08PM +0100, Stefan Sperling wrote:
>
> This patch adds protected management frame support to iwm, iwx, and qwx.
> Support for PMF is a prerequisite for WPA3.

Amazing, this is an important step toward supporting wpa3-sae.

> I am sending this as one giant patch for testing. I do have incremental
> changes with individual commit messages which make review a bit easier.
> If you would like to review these diffs individually, please ask me to
> send them to you.
>
> Tested by me on:
> iwm 7265, 9265 (offloads unicast PMF, multicast is done in software)
> iwx AX200 (offloads both unicast and multicast PMF)
> qwx QCNFA765 (offloads unicast PMF, multicast is done in software)
>
> Use of PMF is controlled by the access point, so there is nothing to
> configure with ifconfig. Please check if your access point offers settings
> related to management frame protection when testing this.
> Tests in any combination of PMF disabled/optional/required across a range
> of access points would be welcome.

I tested the following three chips with a customized OpenWrt AP, and
setting PMF (ieee80211w) to disabled/optional/required all works properly
without any issues.

iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 3168" rev 0x10, msi
iwm0: hw rev 0x220, fw ver 29.198743027.0, address b0:35:9f:xx:xx:xx

iwx0 at pci0 dev 20 function 3 "Intel Wi-Fi 6 AX211" rev 0x01, msix
iwx0: hw rev 0x370, fw 77.f92b5fed.0, pnvm ce1a5094, address 90:09:df:xx:xx:xx

qwx0 at pci2 dev 0 function 0 "Qualcomm QCNFA765" rev 0x01: msi
qwx0: wcn6855 hw2.1 fw 0x11088c35 address 38:d5:7a:xx:xx:xx

To confirm that the ieee80211w setting is taking effect, I checked the
RSNIE capabilities through Wireshark captures:

1. PMF required
RSN Capabilities: 0x00cc
    Management Frame Protection Required: True
    Management Frame Protection Capable: True

2. PMF optional
RSN Capabilities: 0x008c
    Management Frame Protection Required: False
    Management Frame Protection Capable: True

3. PMF disabled
RSN Capabilities: 0x000c
    Management Frame Protection Required: False
    Management Frame Protection Capable: False

As a side note, during testing with PMF set to disabled, qwx(4) occasionally
displayed the following messages, but it doesn't affect functionality.

qwx_dp_rx_h_null_q_desc: not implemented
qwx_dp_rx_h_null_q_desc: not implemented
qwx_dp_rx_h_null_q_desc: not implemented
...

Thanks,
Kevin
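
The RSN Capabilities check described in the mail can be scripted for testing across many access points. The following is an added example, not part of the original mail or of the OpenBSD patch: it walks a raw RSN element to its capabilities field and maps the MFPC/MFPR bits to the disabled/optional/required settings. The function names and the sample element (CCMP ciphers, PSK AKM) are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48          # RSNE element ID in IEEE 802.11
MFPR = 1 << 6                # Management Frame Protection Required
MFPC = 1 << 7                # Management Frame Protection Capable


def rsn_capabilities(ie: bytes) -> int:
    """Return the 16-bit RSN Capabilities field from a raw RSN element."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("element shorter than its length field")
    off = 2 + 4                              # version + group cipher suite
    for _ in range(2):                       # pairwise list, then AKM list
        if off + 2 > len(body):
            raise ValueError("RSN element ends before capabilities")
        (count,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * count
    if off + 2 > len(body):
        raise ValueError("RSN element ends before capabilities")
    return struct.unpack_from("<H", body, off)[0]


def pmf_mode(caps: int) -> str:
    """Map the MFPC/MFPR bits to the AP setting names used in the mail."""
    capable, required = bool(caps & MFPC), bool(caps & MFPR)
    if required and not capable:
        return "invalid"                     # MFPR set without MFPC
    return "required" if required else "optional" if capable else "disabled"


def build_rsne(caps: int) -> bytes:
    """Constructed sample: CCMP group/pairwise, PSK AKM, given capabilities."""
    ccmp, psk = bytes.fromhex("000fac04"), bytes.fromhex("000fac02")
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", 1) + psk + struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body


if __name__ == "__main__":
    for caps in (0x00CC, 0x008C, 0x000C):    # values reported in the mail
        got = rsn_capabilities(build_rsne(caps))
        print(f"0x{got:04x} -> PMF {pmf_mode(got)}")
```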