Zephyr NXP Driver Security Support

Emil_10 · ‎03-13-2025

Setup
Im developing a wifi app for a FRDM-RW612. I am using Zephyr.

Context

After enabling the NXP wifi driver, I successfully connected to a standard home wifi using the security type WIFI_SECURITY_TYPE_PSK.

Now I want to connect to a business network using the protocol "EAP-PEAP/MSCHAPv2" or as Zephyr enumerates it: WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2 This turns out to be quite the problem. After investigating the driver, I discovered that there is no specific check for WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2, though there are many others.

Also, none of the applicable options allow for a "user, password" structure. As I understand it, the driver does not seem to support such wifi authentication at this time, and thus does not support "EAP-PEAP/MSCHAPv2".

Questions

What security is supported by the Zephyr NXP wifi driver?
Is there a way to connect using EAP-PEAP/MSCHAPv2 with the nxp zephyr wifi driver?
Does the FRDM-RW612 support EAP-PEAP/MSCHAPv2 if I do not go through Zephyr?

Emil_10 · ‎03-30-2025

Quick recap for future readers(31/3/2025):
Does the FRDM-RW612 support EAP-PEAP/MSCHAPv2 if I do not go through Zephyr?
Yes in MCUXpresso SDK 24.12.00 the exaple "wifi_wpa_supplicant" can connect using EAP-PEAP/MSCHAPv2 authentication

Ricardo_Zamora · ‎03-13-2025

Hello,

Hope you are doing well. Could you please clarify what application are you using?

What versions are you using?

Also, are you following any guide?

Regards,

Ricardo

Best Regards,
Ricardo

Emil_10 · ‎03-13-2025

First of all, thanks for taking the time to help, I appreciate it.

Of course I will try to clarify.

Versions

Im using the zephyr on its current main, which would be version "4.1.99".

The NXP hal used on this version has the hash

9dc7449014a7380355612453b31be479cb3a6833

commit: "HEAD is now at 9dc74490 hal_nxp: Include LP Flexcomm driver using the right Kconfig"

Sample

Here i use sample "samples/net/wifi/apsta_mode". It can be found here:
zephyr/samples/net/wifi/apsta_mode at main · zephyrproject-rtos/zephyr · GitHub

I had to modify it slightly by adding the kconfig "CONFIG_WIFI_NXP". I also updated the example to use my wifi network. I disabled the AP mode as I do not need it.

The example works well with a "standard" home wifi using only password and WPA2-psk security. I can also see on my access point that the RW612 is successfully connected.

However, when I try to connect to an enterprise network with user and password using EAP-PEAP-MSCHAPV2 security, the connection fails. The nxp simply doesn't event try to connect. I also see on the access point that no one has tried to connect. I have configured the connect call as follows:

sta_config.ssid = (const uint8_t *)WIFI_SSID;

sta_config.ssid_length = strlen(WIFI_SSID);

sta_config.eap_identity = WIFI_USERNAME;

sta_config.eap_id_length = strlen(WIFI_USERNAME);

sta_config.eap_password = WIFI_PASSWORD;

sta_config.eap_passwd_length = strlen(WIFI_PASSWORD);

sta_config.security = WIFI_SECURITY_TYPE_WPA_AUTO_PERSONAL;

sta_config.channel = WIFI_CHANNEL_ANY;

sta_config.band = WIFI_FREQ_BAND_2_4_GHZ;

LOG_INF("Connecting to SSID: %s\n", sta_config.ssid);

int ret = net_mgmt(NET_REQUEST_WIFI_CONNECT, sta_iface, &sta_config,

sizeof(struct wifi_connect_req_params));

After debbuging i arrived here in the NXP zephyr driver.

zephyr/drivers/wifi/nxp/nxp_wifi_drv.c at main · zephyrproject-rtos/zephyr · GitHub

It seems that the supported security here is limited to:

No security.
WPA2-PSK security.
WPA2-PSK-SHA256 security.
WPA3-SAE security.
WPA3-SAE security with hash-to-element.
WPA3-SAE security with both hunting-and-pecking loop and hash-to-element enabled.
WPA/WPA2/WPA3 PSK security.

Full list of types in zephyr is here:
Zephyr API Documentation: Wi-Fi Management

Am i using the wrong wifi driver?

Is there maybe a NXP wifi driver branch in development i can check out?

Is the problem just zephyr-NXP related would it be possible to do with the NXP SDK?

Ricardo_Zamora · ‎03-28-2025

Hello,

Please find following table with supported features list.

Wi-Fi requirements	Is supported in Zephyr 4.1.0 release?
“WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2" security	it is supported in WPA2 mode.(with hostapd)
2,4 & 5 GHz	Yes
TLS 1.2 & TLS 1.3 for WPA 2 & 3 private and enterprise	TLS 1.2 supported. Currently no Wi-Fi sample app is available with TLS 1.3. if need to add support of TLS1.3, you need to create CCB for this to support
NTP v 4	SNTP is application layer protocol. if zephyr supports SNTP version 4 then it should work on Wi-Fi interface. As per https://docs.zephyrproject.org/latest/connectivity/networking/api/sntp.html, zephyr supports NTP v 4.
IPv6 SLAAC	RW612 Wi-Fi interface supports IPv6 SLAAC as it utilizes the zephyr networking stack, which includes support for IPv6 SLAAC. Overview — Zephyr Project Documentation
Network Stack (TCP/IP, https, DHCP)	RW612 Wi-Fi interface supports TCP/IP, https and DHCP as it utilizes the zephyr networking stack, which includes support for TCP/IP, https, DHCP

Regards,

Ricardo

Best Regards,
Ricardo

Emil_10 · ‎03-30-2025

Hello

Thanks for this info its very helpfull. However could it be that this is not for all boards?

zephyr

When i try using the RW612 in zephyr this is my result:

Here i used the "wifi/shell".

NXP MCZXpresso SDK 24.12.0
I know the board can do it and that my net is correctly configured since in the NXP SDK i see:

So as of now it seems that the RW612 definitely supports the authentication type.

However i am still struggling to reproduce the connection when using the zephyr SDK. Would it be possible to elaborate what you mean by "it is supported in WPA2 mode".
Is there a NXP wpa2 Kconfig or something?

Again thanks for helping me out