Iwd refuses to start because of a lack of kernel options

Hi,

Since kernel 6.5, the iwd service refuses to start on my MNT Reform because of a lack of kernel options related to cryptography. Here is the service log:

 DES support not found
 No CBC(DES3_EDE) support found, certain TLS connections might fail
 The following options are missing in the kernel:
         CONFIG_CRYPTO_USER_API_SKCIPHER
         CONFIG_CRYPTO_ECB
         CONFIG_CRYPTO_CBC
         CONFIG_CRYPTO_DES
 The following optimized implementations might be available:
         CONFIG_CRYPTO_DES3_EDE_X86_64
: iwd.service: Main process exited, code=exited, status=1/FAILURE

Is it related to the Reform kernel recipe?

Regards,

Do you have the kernel you had running before still installed? Which one was it? If yes, you could compare /boot/config-${oldversion}-reform2-arm64 to /boot/config-6.5.3-1-reform2-arm64 and see if the ${oldversion} did have the kernel options set that iwd needs or if there is any other interesting difference.

Hi Josch, and thank you for replying. I think the last working kernel was 6.4.0 (as I have mostly used my Reform wired these last weeks).

Here is the diff made on the kernel config file:

3c3
< # Linux/arm64 6.4.4 Kernel Configuration
---
> # Linux/arm64 6.5.1 Kernel Configuration
252a253
> CONFIG_CACHESTAT_SYSCALL=y
325a327
> # CONFIG_ARCH_MA35 is not set
332a335
> # CONFIG_ARCH_STM32 is not set
351a355
> CONFIG_AMPERE_ERRATUM_AC03_CPU_38=y
517d520
< CONFIG_ARM64_MODULE_PLTS=y
619c622
< # CONFIG_ARM_ALLWINNER_SUN50I_CPUFREQ_NVMEM is not set
---
> CONFIG_ARM_ALLWINNER_SUN50I_CPUFREQ_NVMEM=m
718a722,723
> CONFIG_HOTPLUG_CORE_SYNC=y
> CONFIG_HOTPLUG_CORE_SYNC_DEAD=y
1008a1014
> # CONFIG_ZSWAP_EXCLUSIVE_LOADS_DEFAULT_ON is not set
1029c1035
< # CONFIG_SLAB is not set
---
> # CONFIG_SLAB_DEPRECATED is not set
2207a2214
> CONFIG_CXL_PMU=y
2227a2235
> CONFIG_FW_LOADER_SYSFS=y
2234c2242
< # CONFIG_FW_UPLOAD is not set
---
> CONFIG_FW_UPLOAD=y
3136a3145
> CONFIG_LIQUIDIO_CORE=m
3566a3576
> # CONFIG_CAN_F81604 is not set
3621a3632,3636
> # CONFIG_PPPOE_HASH_BITS_1 is not set
> # CONFIG_PPPOE_HASH_BITS_2 is not set
> CONFIG_PPPOE_HASH_BITS_4=y
> # CONFIG_PPPOE_HASH_BITS_8 is not set
> CONFIG_PPPOE_HASH_BITS=4
3941a3957
> # CONFIG_RTW88_8723DS is not set
3953a3970
> # CONFIG_RTW89_8851BE is not set
4202d4218
< CONFIG_TOUCHSCREEN_MK712=m
4471a4488
> CONFIG_HW_RANDOM_HISTB=m
4680a4698
> # CONFIG_SPI_RZV2M_CSI is not set
4794a4813
> # CONFIG_PINCTRL_IPQ5018 is not set
4809,4810d4827
< CONFIG_PINCTRL_QCOM_SPMI_PMIC=y
< CONFIG_PINCTRL_QCOM_SSBI_PMIC=y
4819a4837
> # CONFIG_PINCTRL_SDX75 is not set
4829a4848,4849
> CONFIG_PINCTRL_QCOM_SPMI_PMIC=y
> CONFIG_PINCTRL_QCOM_SSBI_PMIC=y
4836a4857
> CONFIG_PINCTRL_RZG2L=y
5091a5113
> # CONFIG_CHARGER_QCOM_SMB2 is not set
5164a5187
> # CONFIG_MAX31827 is not set
5280a5304
> # CONFIG_THERMAL_DEFAULT_GOV_BANG_BANG is not set
5355a5380
> # CONFIG_XILINX_WINDOW_WATCHDOG is not set
5440c5465
< # CONFIG_MFD_MAX597X is not set
---
> # CONFIG_MFD_MAX5970 is not set
5464a5490
> # CONFIG_MFD_MAX77541 is not set
5494c5520,5522
< CONFIG_MFD_RK808=y
---
> CONFIG_MFD_RK8XX=y
> CONFIG_MFD_RK8XX_I2C=y
> # CONFIG_MFD_RK8XX_SPI is not set
5501a5530
> # CONFIG_RZ_MTU3 is not set
5523a5553,5554
> # CONFIG_MFD_TPS6594_I2C is not set
> # CONFIG_MFD_TPS6594_SPI is not set
5611a5643
> # CONFIG_REGULATOR_RAA215300 is not set
5632a5665
> # CONFIG_REGULATOR_TPS6287X is not set
5677c5710
< # CONFIG_IR_SUNXI is not set
---
> CONFIG_IR_SUNXI=m
5841d5873
< CONFIG_VIDEO_STK1160_COMMON=m
6226a6259
> # CONFIG_VIDEO_OV01A10 is not set
6670a6704
> # CONFIG_DRM_AMDGPU_WERROR is not set
6713a6748
> # CONFIG_DRM_SHMOBILE is not set
6801a6837
> # CONFIG_DRM_PANEL_SAMSUNG_S6D7AA0 is not set
6956a6993,6995
> CONFIG_FB_IO_HELPERS=y
> CONFIG_FB_SYS_HELPERS=y
> CONFIG_FB_SYS_HELPERS_DEFERRED=y
7092a7132
> # CONFIG_SND_SEQ_UMP is not set
7099a7140
> # CONFIG_SND_PCMTEST is not set
7122c7163
< # CONFIG_SND_CMIPCI is not set
---
> CONFIG_SND_CMIPCI=m
7219a7261
> # CONFIG_SND_USB_AUDIO_MIDI_V2 is not set
7289a7332
> # CONFIG_SND_SOC_CHV3_I2S is not set
7341a7385
> # CONFIG_SND_SOC_RZ is not set
7360c7404
< # CONFIG_SND_SUN50I_DMIC is not set
---
> CONFIG_SND_SUN50I_DMIC=m
7445a7490
> # CONFIG_SND_SOC_CHV3_CODEC is not set
7503a7549
> # CONFIG_SND_SOC_MAX98388 is not set
7546a7593
> # CONFIG_SND_SOC_RT722_SDCA_SDW is not set
7561a7609
> # CONFIG_SND_SOC_SSM3515 is not set
7570a7619
> # CONFIG_SND_SOC_TAS2781_I2C is not set
7623a7673
> # CONFIG_SND_SOC_WSA884X is not set
7734a7785
> # CONFIG_HID_NVIDIA_SHIELD is not set
8120a8172
> # CONFIG_USB_CDNS2_UDC is not set
8202a8255
> # CONFIG_TYPEC_QCOM_PMIC is not set
8212d8264
< # CONFIG_TYPEC_QCOM_PMIC is not set
8220a8273
> # CONFIG_TYPEC_MUX_NB7VPQ904M is not set
8339a8393
> # CONFIG_LEDS_AW200XX is not set
8379c8433
< # CONFIG_LEDS_TI_LMU_COMMON is not set
---
> # CONFIG_LEDS_LM3697 is not set
8667a8722
> # CONFIG_RZ_DMAC is not set
8710a8766,8769
> 
> #
> # VFIO support for PCI devices
> #
8715a8775,8779
> # end of VFIO support for PCI devices
> 
> #
> # VFIO support for platform devices
> #
8716a8781,8786
> # CONFIG_VFIO_AMBA is not set
> # end of VFIO support for platform devices
> 
> #
> # VFIO support for FSL_MC bus devices
> #
8717a8788,8789
> # end of VFIO support for FSL_MC bus devices
> 
8979a9052,9053
> # CONFIG_COMMON_CLK_A1_PLL is not set
> # CONFIG_COMMON_CLK_A1_PERIPHERALS is not set
8994d9067
< # CONFIG_QCOM_CLK_APCS_SDX55 is not set
8998,8999d9070
< # CONFIG_APQ_GCC_8084 is not set
< # CONFIG_APQ_MMCC_8084 is not set
9005,9006d9075
< # CONFIG_IPQ_GCC_806X is not set
< # CONFIG_IPQ_LCC_806X is not set
9009,9010d9077
< # CONFIG_MSM_GCC_8660 is not set
< # CONFIG_MSM_GCC_8909 is not set
9014,9019d9080
< # CONFIG_MSM_GCC_8960 is not set
< # CONFIG_MSM_LCC_8960 is not set
< # CONFIG_MDM_GCC_9607 is not set
< # CONFIG_MDM_GCC_9615 is not set
< # CONFIG_MDM_LCC_9615 is not set
< # CONFIG_MSM_MMCC_8960 is not set
9021,9022d9081
< # CONFIG_MSM_GCC_8974 is not set
< # CONFIG_MSM_MMCC_8974 is not set
9048a9108
> # CONFIG_SC_LPASSCC_8280XP is not set
9066,9067c9126
< # CONFIG_SDX_GCC_55 is not set
< # CONFIG_SDX_GCC_65 is not set
---
> # CONFIG_SDX_GCC_75 is not set
9087a9147,9148
> # CONFIG_SM_GPUCC_8450 is not set
> # CONFIG_SM_GPUCC_8550 is not set
9090a9152,9153
> # CONFIG_SM_VIDEOCC_8350 is not set
> # CONFIG_SM_VIDEOCC_8550 is not set
9094a9158
> # CONFIG_SM_VIDEOCC_8450 is not set
9096a9161
> CONFIG_CLK_R9A07G044=y
9099a9165
> CONFIG_CLK_RZG2L=y
9200c9266
< # CONFIG_SUN50I_IOMMU is not set
---
> CONFIG_SUN50I_IOMMU=y
9323a9390
> # CONFIG_QCOM_RPM_MASTER_STATS is not set
9335a9403
> CONFIG_ARCH_RZG2L=y
9352c9420
< # CONFIG_ARCH_R9A07G044 is not set
---
> CONFIG_ARCH_R9A07G044=y
9569a9638
> # CONFIG_RZG2L_ADC is not set
9860a9930
> # CONFIG_ROHM_BU27008 is not set
9869a9940
> # CONFIG_OPT4001 is not set
9957a10029
> # CONFIG_X9250 is not set
9982a10055
> # CONFIG_MPRLS0025PA is not set
10091a10165
> CONFIG_RENESAS_RZG2L_IRQC=y
10124a10199
> CONFIG_RESET_RZG2L_USBPHY_CTRL=m
10144c10219
< # CONFIG_PHY_SUN50I_USB3 is not set
---
> CONFIG_PHY_SUN50I_USB3=m
10207a10283
> # CONFIG_PHY_QCOM_SGMII_ETH is not set
10251a10328
> # CONFIG_FSL_IMX9_DDR_PMU is not set
10305a10383
> # CONFIG_NVMEM_IMX_OCOTP_ELE is not set
10483d10560
< # CONFIG_AUTOFS4_FS is not set
10816d10892
< CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
10926a11003
> CONFIG_CRYPTO_SIG2=y
10945c11022
< CONFIG_CRYPTO_NULL2=y
---
> CONFIG_CRYPTO_NULL2=m
11013a11091
> CONFIG_CRYPTO_GENIV=m
11073a11152
> # CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set
11143a11223
> # CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_TEST is not set
11189d11268
< # CONFIG_CRYPTO_DEV_HISTB_TRNG is not set
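Review bot: None of the crypto hunks from 10926a11003 to 11189d11268 touches CONFIG_CRYPTO_USER_API_SKCIPHER, CONFIG_CRYPTO_ECB, CONFIG_CRYPTO_CBC or CONFIG_CRYPTO_DES, and a diff lists only lines that differ, so it cannot show whether those four options are set in both configs or unset in both. Grep each config file for them directly and record whether each is =y, =m or "is not set". The crypto lines that do change here are CONFIG_CRYPTO_NULL2 going from y to m at 10945c11022 and the new entries CONFIG_CRYPTO_SIG2=y, CONFIG_CRYPTO_GENIV=m and the unset CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_TEST.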
11325a11405
> CONFIG_NEED_SG_DMA_FLAGS=y
11335a11416
> CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC=y
11529a11611,11617
> CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
> CONFIG_HARDLOCKUP_DETECTOR=y
> # CONFIG_HARDLOCKUP_DETECTOR_PERF is not set
> CONFIG_HARDLOCKUP_DETECTOR_BUDDY=y
> # CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set
> CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y
> # CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
11533a11622
> # CONFIG_WQ_CPU_INTENSIVE_REPORT is not set
11604a11694
> CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y
11623a11714
> # CONFIG_FUNCTION_GRAPH_RETVAL is not set
11666a11758,11759
> CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y
> CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y
11691a11785
> # CONFIG_CORESIGHT_DUMMY is not set

Regards,

It seems none of the kernel options that iwd complains about changed.

Maybe the next step would be to file a bug against the iwd package in Debian? We are not messing with any crypto stuff in our kernel builds so I doubt this problem is Reform-specific.

If you like, you can CC me in the bug report you write so that I can give input if necessary.

Hi, I just upgraded to 6.5 and am able to confirm your problem. It is thus not just you and I reported a bug to Debian iwd maintainers. Feel free to subscribe to the bug to receive updates:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052378

Hi @josch,

Iwd seems to start as expected now, but when I try to connect iwd to an encrypted network, the daemon process becomes defunct and does not respond anymore. It is not possible to kill it.

With unencrypted networks, there is no problem. Can it be a missing crypto option in the Kernel?

Sure, it always can be a missing option. The arm64 builds of the Debian kernel are around three orders of magnitude less tested than the amd64 builds. Just a few months ago I found out that the arm64 kernel was built without support for joysticks which is understandable as there are not many arm64 laptops out there that one might want to stick a usb xbox gamepad into to play a game.

Crypto options are of course used by a few more people than joysticks so I would be surprised if a crypto option was missing. Still a possibility though of course.

To find out, you can check out the contents of /boot/config-*-reform2-arm64 of your currently running kernel to find its config options.

Much more likely though I suspect this to be a problem with some userspace application because I’m able to connect to all kinds of wifi networks encrypted with WPA2 Personal or Enterprise using network-manager without any problems.
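
The config check suggested in the posts above, as an added example that is not part of the original thread: a shell script that reports how each option from the iwd log is set in a kernel config file, and which of them differ between two configs. The function names are made up for this example; the option list is copied from the service log at the top of the thread.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the kernel options that the
# iwd service log reports as missing.

# Options copied from the iwd log quoted in the first post.
IWD_OPTS="CONFIG_CRYPTO_USER_API_SKCIPHER CONFIG_CRYPTO_ECB CONFIG_CRYPTO_CBC CONFIG_CRYPTO_DES"

# opt_state FILE OPTION -> prints y (built in), m (module) or unset
# ("# ... is not set" lines and absent options both count as unset).
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-unset}"
}

# check_config FILE -> one "OPTION state" line per option;
# returns 1 if at least one option is unset.
check_config() {
    rc=0
    for opt in $IWD_OPTS; do
        state=$(opt_state "$1" "$opt")
        printf '%s %s\n' "$opt" "$state"
        if [ "$state" = unset ]; then rc=1; fi
    done
    return $rc
}

# compare_configs OLD NEW -> prints only the options whose state differs.
compare_configs() {
    for opt in $IWD_OPTS; do
        old=$(opt_state "$1" "$opt")
        new=$(opt_state "$2" "$opt")
        if [ "$old" != "$new" ]; then
            printf '%s %s -> %s\n' "$opt" "$old" "$new"
        fi
    done
}

# Stand-alone use: sh thisscript.sh /boot/config-<version>-reform2-arm64
if [ "$#" -gt 0 ]; then
    check_config "$1"
fi
```

Unlike a plain diff of the two files, this also shows options that are identical in both configs, which is the case the diff earlier in the thread cannot distinguish.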

Hi Josch,

Does your Network Manager installation use the Iwd backend or the traditional one with WPA-Supplicant? Because Iwd relies on kernel modules for encryption / decryption routines (this is why I thought about the Kernel options).

I don’t have my Reform here to run some tests, but Iwd (the daemon) seems to await communication from an opened socket (says strace). I’ll try to run some other tests as soon as possible.

Regards,

I’m using NetworkManager with wpa-supplicant without problems. I do not have iwd installed.

Hi, after some research, I found an error about caam_jr in dmesg when starting iwd. After removing this kernel module (and caam), iwd starts without complaining and works as expected with encrypted networks.

Here is the journalctl log when launching iwd:

Nov 05 17:02:26 rick iwd[4372]:                         54.0 Mbps
Nov 05 17:02:26 rick iwd[4372]:                 HT Capabilities:
Nov 05 17:02:26 rick iwd[4372]:                         HT40
Nov 05 17:02:26 rick iwd[4372]:                         Short GI for 40Mhz
Nov 05 17:02:26 rick iwd[4372]:                 HT RX MCS indexes:
Nov 05 17:02:26 rick iwd[4372]:                         0-15
Nov 05 17:02:26 rick iwd[4372]:         Ciphers: BIP-CMAC-256 BIP-GMAC-256 BIP-GMAC-128 CCMP-256
Nov 05 17:02:26 rick iwd[4372]:                  GCMP-256 GCMP-128 BIP-CMAC-128 CCMP-128
Nov 05 17:02:26 rick iwd[4372]:                  TKIP
Nov 05 17:02:26 rick iwd[4372]:         Supported iftypes: ad-hoc station ap p2p-client p2p-go
Nov 05 17:02:26 rick kernel: caam_jr 30903000.jr: failed to do request

Seems like this module is related to Freescale hardware. I’ll do some more investigation…

Regards


Thanks for the tip. Disabling caam_jr helps and now I can use iwd with kernel 6.5. I did not have to blacklist caam:

$ cat /etc/modprobe.d/iwd.conf 
blacklist caam_jr
$ lsmod | grep caa
caam                   20480  0
error                  20480  1 caam

I’m not using the official image, but one built by myself, using btrfs on LUKS. I haven’t used the system with the blacklist much; I want to test performance because btrfs scrub was running slowly today after that change. I’ll check it and provide more details if I have them.

Hi @serpent,

I feel less alone using iwd!

I have a custom image too 🙂 and for now I didn’t blacklist caam_jr since I can connect with ethernet cable at home.

Does someone know where to open an issue for iwd or caam_jr?

I think you could either take these bugs to iwd developers or report a bug against the linux kernel. But I think you should only do the latter after having some deeper understanding of what iwd does and/or needs. But it’s of course up to you.

With the update today, wifi seems to work out-of-the-box with encrypted networks.

You probably mean it works now with linux 6.6.9?

I just checked with 6.6.13: WiFi works with iwd without need to blacklist caam_jr.