Add config information related to MACsec
Add examples of relevant top level CONFIG clauses for wpa_supplicant MACsec support to defconfig. Extend the example of MACsec related network configuration. Also bring them in line with the format of the other example network configurations. Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This commit is contained in:
Jaap Keuter
Jouni Malinen
parent
e360010c3a
commit
208263c014
2 changed files with 34 additions and 14 deletions
|
|
@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y
|
||||||
# Driver interface for wired Ethernet drivers
|
# Driver interface for wired Ethernet drivers
|
||||||
CONFIG_DRIVER_WIRED=y
|
CONFIG_DRIVER_WIRED=y
|
||||||
|
|
||||||
|
# Driver interface for MACsec capable Qualcomm Atheros drivers
|
||||||
|
#CONFIG_DRIVER_MACSEC_QCA=y
|
||||||
|
|
||||||
|
# Driver interface for Linux MACsec drivers
|
||||||
|
#CONFIG_DRIVER_MACSEC_LINUX=y
|
||||||
|
|
||||||
# Driver interface for the Broadcom RoboSwitch family
|
# Driver interface for the Broadcom RoboSwitch family
|
||||||
#CONFIG_DRIVER_ROBOSWITCH=y
|
#CONFIG_DRIVER_ROBOSWITCH=y
|
||||||
|
|
||||||
|
|
@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y
|
||||||
#LIBS += -lsocket -ldlpi -lnsl
|
#LIBS += -lsocket -ldlpi -lnsl
|
||||||
#LIBS_c += -lsocket
|
#LIBS_c += -lsocket
|
||||||
|
|
||||||
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
|
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
|
||||||
# included)
|
# MACsec is included)
|
||||||
CONFIG_IEEE8021X_EAPOL=y
|
CONFIG_IEEE8021X_EAPOL=y
|
||||||
|
|
||||||
# EAP-MD5
|
# EAP-MD5
|
||||||
|
|
@ -166,6 +172,9 @@ CONFIG_EAP_LEAP=y
|
||||||
# EAP-EKE
|
# EAP-EKE
|
||||||
#CONFIG_EAP_EKE=y
|
#CONFIG_EAP_EKE=y
|
||||||
|
|
||||||
|
# MACsec
|
||||||
|
#CONFIG_MACSEC=y
|
||||||
|
|
||||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||||
# a file that usually has extension .p12 or .pfx)
|
# a file that usually has extension .p12 or .pfx)
|
||||||
CONFIG_PKCS12=y
|
CONFIG_PKCS12=y
|
||||||
|
|
|
||||||
|
|
@ -1765,15 +1765,26 @@ network={
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Example MACsec configuration
|
# Example configuration using EAP-TTLS for authentication and key
|
||||||
#network={
|
# generation for MACsec
|
||||||
# key_mgmt=IEEE8021X
|
network={
|
||||||
# eap=TTLS
|
key_mgmt=IEEE8021X
|
||||||
# phase2="auth=PAP"
|
eap=TTLS
|
||||||
# anonymous_identity="anonymous@example.com"
|
phase2="auth=PAP"
|
||||||
# identity="user@example.com"
|
anonymous_identity="anonymous@example.com"
|
||||||
# password="secretr"
|
identity="user@example.com"
|
||||||
# ca_cert="/etc/cert/ca.pem"
|
password="secretr"
|
||||||
# eapol_flags=0
|
ca_cert="/etc/cert/ca.pem"
|
||||||
# macsec_policy=1
|
eapol_flags=0
|
||||||
#}
|
macsec_policy=1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Example configuration for MACsec with preshared key
|
||||||
|
network={
|
||||||
|
key_mgmt=NONE
|
||||||
|
eapol_flags=0
|
||||||
|
macsec_policy=1
|
||||||
|
mka_cak=0123456789ABCDEF0123456789ABCDEF
|
||||||
|
mka_ckn=6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
|
||||||
|
mka_priority=128
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue