wifi_cert example won't work on the FRDM-RW612 to connect to a WPA Enterprise network.

Hi, I tested the wifi_wpa_supplicant example and it accepts the command "wlan-add abc ssid wifi_cert eap-tls." However, the certificates are not stored under mcuxsdk/middleware/wifi_nxp/certs/. There is a command called "wlan-read-usb-file" that reads the certificates via a USB stick. Therefore, I connected a USB stick to the FRDM-RW612's HS-USB port via an adapter. This USB stick is formatted as FAT32, and the files stored on it were saved as .der format. Unfortunately, I can't read the files with the command "wlan-read-usb-file ca-cert 1:/ca.der." I get the error:
# wlan-read-usb-file ca-cert 1:ca.der
............................fatfs test....................
fatfs mount as logical drive 1......success
fatfs file opening error
File opening failed
Does anyone have any idea what might be causing this?

Best regards 

Dirk

Hello everyone! The solution was to format the USB stick with MS-DOS MBR instead of GPT. After that, the files were readable with a 512 MB FAT32 partition. Now the following problem occurs:
# wlan-connect abc
Connecting to the network...
Use "wlan-stat" for the current connection status.

# ml3: SME: Authentication attempt with aa:bb:cc:dd:ee:ff (SSID='wifi_cert' freq=5200 MHz)
ml3: Connection attempt with aa:bb:cc:dd:ee:ff (SSID='wifi_cert' freq=5200 MHz)
PKG_TYPE: BGA
Set BGA transmit power table data
ml3: CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=DE
ml3: Connection establishment with aa:bb:cc:dd:ee:ff
ml3: CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: buildIdentity: Identity configuration was not available
ml3: CTRL-REQ-IDENTITY-0: Identity required for SSID wifi_cert
ml3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
And it seems there's no CLI command to set this information. I'll keep trying to find a solution. Perhaps my findings so far will help someone.

Best regards,
Dirk

Hi,

 

Sorry for the late reply.

Could you please share with me the whole terminal log of your test?

Please enable CONFIG_WLCMGR_DEBUG.

 

Regards,

Daniel.

Dear Daniel, we've since discovered that the TLS type and an ID must be passed when creating the profile. For example:
wlan-add test ssid wifi_cert eap-tls id abc.def@gmail.com
best regards,
Dirk

Hi,

Enterprise authentication is supported in hosted supplicant (wifi_wpa_supplicant).

Please take a look at UM11799 (available in the Secure Files Documentation). In section 4.10, you'll find the example documentation. I also recommend you section 4.10.1.5.

 

Regards,

Daniel.

Dear Daniel, I contacted the NXP Docstore/Secure Access team, but they told me that "RW612 is not part of the documentation for secure files (also known as Docstore)." Can you please tell me where I can ask about UM11799?

Best regards,
Dirk

 

Hi,

I'm sorry for the inconvenience. I reached out the corresponding team.

This document should not be in Secure Files, this should be public. They are working on this to release it in the public documentation.

Meanwhile, an old version of this document is available in the 2.16.100 SDK bundle (in the docs/wireless directory specifically). Please use this version while the latest is released in the public documentation. 

Please take a look to section 4.6.1.5.

Thanks!

Daniel.

Dear Daniel,
I cloned the SDK from https://github.com/nxp-mcuxpresso/mcux-sdk/tree/MCUX_2.16.100 and performed the "west update," but I couldn't find the wireless directory with the UM11799. Could you please provide me with the download link for the SDK bundle you're referring to?

Regards,
Dirk

Hi,

I'm sorry, I need to clarify my response.

Please get SDK 2.16.100 from SDK builder. 

Thanks,

Daniel

Dear Daniel,
The user manual version UM11799 only describes how to load the certificates from the USB stick. I've already figured that out. My problem was that after calling the connection command, the error message:
"ml1: CTRL-EVENT-EAP-STARTED EAP authentication started" appeared.
"EAP: buildIdentity: Identity configuration was not available"
ml1: CTRL-REQ-IDENTITY-0: Identity required for SSID wifi_cert"
appeared.
and I don't know how or where to set up this identity.

Best regards,
Dirk

Ok. Let me check this.

OK, I found out that I need to use the MCUXpresso SDK Builder to create an SDK for the FRDM-RW612, which will then include the documentation. I hope this information helps someone.
regards,
Dirk

Hi Daniel, I apparently don't have access to these files after logging in. When I open the secure documents, I get a message saying that no information can be displayed. Can you send me this information or grant me access to these files?

Regards,
Dirk

Hi,

I'm using the MCUXpresso SDK 24.12.00-pvw2. I suspect it's due to the configuration flags CONFIG_WPA_SUPP_CRYPTO_ENTERPRISE or CONFIG_WPA2_ENTP, which may not be enabled in this example. I'll try the other example tomorrow.

Thanks for the feedback!
Best regards

Dirk