1780fb4a2SCy Schubert# Example wpa_supplicant build time configuration 2780fb4a2SCy Schubert# 3780fb4a2SCy Schubert# This file lists the configuration options that are used when building the 485732ac8SCy Schubert# wpa_supplicant binary. All lines starting with # are ignored. Configuration 585732ac8SCy Schubert# option lines must be commented out complete, if they are not to be included, 685732ac8SCy Schubert# i.e., just setting VARIABLE=n is not disabling that variable. 7780fb4a2SCy Schubert# 8780fb4a2SCy Schubert# This file is included in Makefile, so variables like CFLAGS and LIBS can also 9780fb4a2SCy Schubert# be modified from here. In most cases, these lines should use += in order not 10780fb4a2SCy Schubert# to override previous values of the variables. 11780fb4a2SCy Schubert 12780fb4a2SCy Schubert 13780fb4a2SCy Schubert# Uncomment following two lines and fix the paths if you have installed OpenSSL 14780fb4a2SCy Schubert# or GnuTLS in non-default location 15780fb4a2SCy Schubert#CFLAGS += -I/usr/local/openssl/include 16780fb4a2SCy Schubert#LIBS += -L/usr/local/openssl/lib 17780fb4a2SCy Schubert 18780fb4a2SCy Schubert# Some Red Hat versions seem to include kerberos header files from OpenSSL, but 19780fb4a2SCy Schubert# the kerberos files are not in the default include path. Following line can be 20780fb4a2SCy Schubert# used to fix build issues on such systems (krb5.h not found). 21780fb4a2SCy Schubert#CFLAGS += -I/usr/include/kerberos 22780fb4a2SCy Schubert 23780fb4a2SCy Schubert# Driver interface for generic Linux wireless extensions 24780fb4a2SCy Schubert# Note: WEXT is deprecated in the current Linux kernel version and no new 25780fb4a2SCy Schubert# functionality is added to it. nl80211-based interface is the new 26780fb4a2SCy Schubert# replacement for WEXT and its use allows wpa_supplicant to properly control 27780fb4a2SCy Schubert# the driver to improve existing functionality like roaming and to support new 28780fb4a2SCy Schubert# functionality. 29780fb4a2SCy Schubert#CONFIG_DRIVER_WEXT=y 30780fb4a2SCy Schubert 31780fb4a2SCy Schubert# Driver interface for Linux drivers using the nl80211 kernel interface 32780fb4a2SCy Schubert#CONFIG_DRIVER_NL80211=y 33780fb4a2SCy SchubertCONFIG_LIBNL20=y 34780fb4a2SCy Schubert 35780fb4a2SCy Schubert# QCA vendor extensions to nl80211 36780fb4a2SCy SchubertCONFIG_DRIVER_NL80211_QCA=y 37780fb4a2SCy Schubert 38780fb4a2SCy Schubert# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) 39780fb4a2SCy Schubert#CONFIG_DRIVER_BSD=y 40780fb4a2SCy Schubert#CFLAGS += -I/usr/local/include 41780fb4a2SCy Schubert#LIBS += -L/usr/local/lib 42780fb4a2SCy Schubert#LIBS_p += -L/usr/local/lib 43780fb4a2SCy Schubert#LIBS_c += -L/usr/local/lib 44780fb4a2SCy Schubert 45780fb4a2SCy Schubert# Driver interface for Windows NDIS 46780fb4a2SCy Schubert#CONFIG_DRIVER_NDIS=y 47780fb4a2SCy Schubert#CFLAGS += -I/usr/include/w32api/ddk 48780fb4a2SCy Schubert#LIBS += -L/usr/local/lib 49780fb4a2SCy Schubert# For native build using mingw 50780fb4a2SCy Schubert#CONFIG_NATIVE_WINDOWS=y 51780fb4a2SCy Schubert# Additional directories for cross-compilation on Linux host for mingw target 52780fb4a2SCy Schubert#CFLAGS += -I/opt/mingw/mingw32/include/ddk 53780fb4a2SCy Schubert#LIBS += -L/opt/mingw/mingw32/lib 54780fb4a2SCy Schubert#CC=mingw32-gcc 55780fb4a2SCy Schubert# By default, driver_ndis uses WinPcap for low-level operations. This can be 56780fb4a2SCy Schubert# replaced with the following option which replaces WinPcap calls with NDISUIO. 57780fb4a2SCy Schubert# However, this requires that WZC is disabled (net stop wzcsvc) before starting 58780fb4a2SCy Schubert# wpa_supplicant. 59780fb4a2SCy Schubert# CONFIG_USE_NDISUIO=y 60780fb4a2SCy Schubert 61780fb4a2SCy Schubert# Driver interface for wired Ethernet drivers 62780fb4a2SCy Schubert#CONFIG_DRIVER_WIRED=y 63780fb4a2SCy Schubert 64780fb4a2SCy Schubert# Driver interface for the Broadcom RoboSwitch family 65780fb4a2SCy Schubert#CONFIG_DRIVER_ROBOSWITCH=y 66780fb4a2SCy Schubert 67780fb4a2SCy Schubert# Driver interface for no driver (e.g., WPS ER only) 68780fb4a2SCy Schubert#CONFIG_DRIVER_NONE=y 69780fb4a2SCy Schubert 70780fb4a2SCy Schubert# Solaris libraries 71780fb4a2SCy Schubert#LIBS += -lsocket -ldlpi -lnsl 72780fb4a2SCy Schubert#LIBS_c += -lsocket 73780fb4a2SCy Schubert 74780fb4a2SCy Schubert# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is 75780fb4a2SCy Schubert# included) 76780fb4a2SCy SchubertCONFIG_IEEE8021X_EAPOL=y 77780fb4a2SCy Schubert 78780fb4a2SCy Schubert# EAP-MD5 79780fb4a2SCy SchubertCONFIG_EAP_MD5=y 80780fb4a2SCy Schubert 81780fb4a2SCy Schubert# EAP-MSCHAPv2 82780fb4a2SCy SchubertCONFIG_EAP_MSCHAPV2=y 83780fb4a2SCy Schubert 84780fb4a2SCy Schubert# EAP-TLS 85780fb4a2SCy SchubertCONFIG_EAP_TLS=y 86780fb4a2SCy Schubert 87780fb4a2SCy Schubert# EAL-PEAP 88780fb4a2SCy SchubertCONFIG_EAP_PEAP=y 89780fb4a2SCy Schubert 90780fb4a2SCy Schubert# EAP-TTLS 91780fb4a2SCy SchubertCONFIG_EAP_TTLS=y 92780fb4a2SCy Schubert 93780fb4a2SCy Schubert# EAP-FAST 94780fb4a2SCy Schubert#CONFIG_EAP_FAST=y 95780fb4a2SCy Schubert 96780fb4a2SCy Schubert# EAP-GTC 97780fb4a2SCy SchubertCONFIG_EAP_GTC=y 98780fb4a2SCy Schubert 99780fb4a2SCy Schubert# EAP-OTP 100780fb4a2SCy SchubertCONFIG_EAP_OTP=y 101780fb4a2SCy Schubert 102780fb4a2SCy Schubert# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) 103780fb4a2SCy SchubertCONFIG_EAP_SIM=y 104780fb4a2SCy Schubert 105780fb4a2SCy Schubert# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) 106780fb4a2SCy Schubert#CONFIG_EAP_PSK=y 107780fb4a2SCy Schubert 108780fb4a2SCy Schubert# EAP-pwd (secure authentication using only a password) 109780fb4a2SCy SchubertCONFIG_EAP_PWD=y 110780fb4a2SCy Schubert 111780fb4a2SCy Schubert# EAP-PAX 112780fb4a2SCy Schubert#CONFIG_EAP_PAX=y 113780fb4a2SCy Schubert 114780fb4a2SCy Schubert# LEAP 115780fb4a2SCy SchubertCONFIG_EAP_LEAP=y 116780fb4a2SCy Schubert 117780fb4a2SCy Schubert# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) 118780fb4a2SCy SchubertCONFIG_EAP_AKA=y 119780fb4a2SCy Schubert 120780fb4a2SCy Schubert# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). 121780fb4a2SCy Schubert# This requires CONFIG_EAP_AKA to be enabled, too. 122780fb4a2SCy SchubertCONFIG_EAP_AKA_PRIME=y 123780fb4a2SCy Schubert 124780fb4a2SCy Schubert# Enable USIM simulator (Milenage) for EAP-AKA 125780fb4a2SCy Schubert#CONFIG_USIM_SIMULATOR=y 126780fb4a2SCy Schubert 127780fb4a2SCy Schubert# EAP-SAKE 128780fb4a2SCy Schubert#CONFIG_EAP_SAKE=y 129780fb4a2SCy Schubert 130780fb4a2SCy Schubert# EAP-GPSK 131780fb4a2SCy Schubert#CONFIG_EAP_GPSK=y 132780fb4a2SCy Schubert# Include support for optional SHA256 cipher suite in EAP-GPSK 133780fb4a2SCy Schubert#CONFIG_EAP_GPSK_SHA256=y 134780fb4a2SCy Schubert 135780fb4a2SCy Schubert# EAP-TNC and related Trusted Network Connect support (experimental) 136780fb4a2SCy Schubert#CONFIG_EAP_TNC=y 137780fb4a2SCy Schubert 138780fb4a2SCy Schubert# Wi-Fi Protected Setup (WPS) 139780fb4a2SCy SchubertCONFIG_WPS=y 140780fb4a2SCy Schubert# Enable WPS external registrar functionality 141780fb4a2SCy SchubertCONFIG_WPS_ER=y 142780fb4a2SCy Schubert# Disable credentials for an open network by default when acting as a WPS 143780fb4a2SCy Schubert# registrar. 144780fb4a2SCy Schubert#CONFIG_WPS_REG_DISABLE_OPEN=y 145780fb4a2SCy Schubert# Enable WPS support with NFC config method 146780fb4a2SCy SchubertCONFIG_WPS_NFC=y 147780fb4a2SCy Schubert 148780fb4a2SCy Schubert# EAP-IKEv2 149780fb4a2SCy Schubert#CONFIG_EAP_IKEV2=y 150780fb4a2SCy Schubert 15185732ac8SCy Schubert# EAP-EKE 15285732ac8SCy Schubert#CONFIG_EAP_EKE=y 15385732ac8SCy Schubert 154780fb4a2SCy Schubert# PKCS#12 (PFX) support (used to read private key and certificate file from 155780fb4a2SCy Schubert# a file that usually has extension .p12 or .pfx) 156780fb4a2SCy SchubertCONFIG_PKCS12=y 157780fb4a2SCy Schubert 158780fb4a2SCy Schubert# Smartcard support (i.e., private key on a smartcard), e.g., with openssl 159780fb4a2SCy Schubert# engine. 160780fb4a2SCy SchubertCONFIG_SMARTCARD=y 161780fb4a2SCy Schubert 162780fb4a2SCy Schubert# PC/SC interface for smartcards (USIM, GSM SIM) 163780fb4a2SCy Schubert# Enable this if EAP-SIM or EAP-AKA is included 164780fb4a2SCy Schubert#CONFIG_PCSC=y 165780fb4a2SCy Schubert 166780fb4a2SCy Schubert# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) 167780fb4a2SCy Schubert#CONFIG_HT_OVERRIDES=y 168780fb4a2SCy Schubert 169780fb4a2SCy Schubert# Support VHT overrides (disable VHT, mask MCS rates, etc.) 170780fb4a2SCy Schubert#CONFIG_VHT_OVERRIDES=y 171780fb4a2SCy Schubert 172780fb4a2SCy Schubert# Development testing 173780fb4a2SCy Schubert#CONFIG_EAPOL_TEST=y 174780fb4a2SCy Schubert 175780fb4a2SCy Schubert# Select control interface backend for external programs, e.g, wpa_cli: 176780fb4a2SCy Schubert# unix = UNIX domain sockets (default for Linux/*BSD) 177780fb4a2SCy Schubert# udp = UDP sockets using localhost (127.0.0.1) 17885732ac8SCy Schubert# udp6 = UDP IPv6 sockets using localhost (::1) 179780fb4a2SCy Schubert# named_pipe = Windows Named Pipe (default for Windows) 180780fb4a2SCy Schubert# udp-remote = UDP sockets with remote access (only for tests systems/purpose) 18185732ac8SCy Schubert# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) 182780fb4a2SCy Schubert# y = use default (backwards compatibility) 183780fb4a2SCy Schubert# If this option is commented out, control interface is not included in the 184780fb4a2SCy Schubert# build. 185780fb4a2SCy SchubertCONFIG_CTRL_IFACE=y 186780fb4a2SCy Schubert 187780fb4a2SCy Schubert# Include support for GNU Readline and History Libraries in wpa_cli. 188780fb4a2SCy Schubert# When building a wpa_cli binary for distribution, please note that these 189780fb4a2SCy Schubert# libraries are licensed under GPL and as such, BSD license may not apply for 190780fb4a2SCy Schubert# the resulting binary. 191780fb4a2SCy Schubert#CONFIG_READLINE=y 192780fb4a2SCy Schubert 193780fb4a2SCy Schubert# Include internal line edit mode in wpa_cli. This can be used as a replacement 194780fb4a2SCy Schubert# for GNU Readline to provide limited command line editing and history support. 195780fb4a2SCy SchubertCONFIG_WPA_CLI_EDIT=y 196780fb4a2SCy Schubert 197780fb4a2SCy Schubert# Remove debugging code that is printing out debug message to stdout. 198780fb4a2SCy Schubert# This can be used to reduce the size of the wpa_supplicant considerably 199780fb4a2SCy Schubert# if debugging code is not needed. The size reduction can be around 35% 200780fb4a2SCy Schubert# (e.g., 90 kB). 201780fb4a2SCy Schubert#CONFIG_NO_STDOUT_DEBUG=y 202780fb4a2SCy Schubert 203780fb4a2SCy Schubert# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save 204780fb4a2SCy Schubert# 35-50 kB in code size. 205780fb4a2SCy Schubert#CONFIG_NO_WPA=y 206780fb4a2SCy Schubert 207780fb4a2SCy Schubert# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support 208780fb4a2SCy Schubert# This option can be used to reduce code size by removing support for 209780fb4a2SCy Schubert# converting ASCII passphrases into PSK. If this functionality is removed, the 210780fb4a2SCy Schubert# PSK can only be configured as the 64-octet hexstring (e.g., from 211780fb4a2SCy Schubert# wpa_passphrase). This saves about 0.5 kB in code size. 212780fb4a2SCy Schubert#CONFIG_NO_WPA_PASSPHRASE=y 213780fb4a2SCy Schubert 214780fb4a2SCy Schubert# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. 215780fb4a2SCy Schubert# This can be used if ap_scan=1 mode is never enabled. 216780fb4a2SCy Schubert#CONFIG_NO_SCAN_PROCESSING=y 217780fb4a2SCy Schubert 218780fb4a2SCy Schubert# Select configuration backend: 219780fb4a2SCy Schubert# file = text file (e.g., wpa_supplicant.conf; note: the configuration file 220780fb4a2SCy Schubert# path is given on command line, not here; this option is just used to 221780fb4a2SCy Schubert# select the backend that allows configuration files to be used) 222780fb4a2SCy Schubert# winreg = Windows registry (see win_example.reg for an example) 223780fb4a2SCy SchubertCONFIG_BACKEND=file 224780fb4a2SCy Schubert 225780fb4a2SCy Schubert# Remove configuration write functionality (i.e., to allow the configuration 226780fb4a2SCy Schubert# file to be updated based on runtime configuration changes). The runtime 227780fb4a2SCy Schubert# configuration can still be changed, the changes are just not going to be 228780fb4a2SCy Schubert# persistent over restarts. This option can be used to reduce code size by 229780fb4a2SCy Schubert# about 3.5 kB. 230780fb4a2SCy Schubert#CONFIG_NO_CONFIG_WRITE=y 231780fb4a2SCy Schubert 232780fb4a2SCy Schubert# Remove support for configuration blobs to reduce code size by about 1.5 kB. 233780fb4a2SCy Schubert#CONFIG_NO_CONFIG_BLOBS=y 234780fb4a2SCy Schubert 235780fb4a2SCy Schubert# Select program entry point implementation: 236780fb4a2SCy Schubert# main = UNIX/POSIX like main() function (default) 237780fb4a2SCy Schubert# main_winsvc = Windows service (read parameters from registry) 238780fb4a2SCy Schubert# main_none = Very basic example (development use only) 239780fb4a2SCy Schubert#CONFIG_MAIN=main 240780fb4a2SCy Schubert 241780fb4a2SCy Schubert# Select wrapper for operating system and C library specific functions 242780fb4a2SCy Schubert# unix = UNIX/POSIX like systems (default) 243780fb4a2SCy Schubert# win32 = Windows systems 244780fb4a2SCy Schubert# none = Empty template 245780fb4a2SCy SchubertCONFIG_OS=unix 246780fb4a2SCy Schubert 247780fb4a2SCy Schubert# Select event loop implementation 248780fb4a2SCy Schubert# eloop = select() loop (default) 249780fb4a2SCy Schubert# eloop_win = Windows events and WaitForMultipleObject() loop 250780fb4a2SCy SchubertCONFIG_ELOOP=eloop 251780fb4a2SCy Schubert 252780fb4a2SCy Schubert# Should we use poll instead of select? Select is used by default. 253780fb4a2SCy Schubert#CONFIG_ELOOP_POLL=y 254780fb4a2SCy Schubert 255780fb4a2SCy Schubert# Should we use epoll instead of select? Select is used by default. 256780fb4a2SCy Schubert#CONFIG_ELOOP_EPOLL=y 257780fb4a2SCy Schubert 25885732ac8SCy Schubert# Should we use kqueue instead of select? Select is used by default. 25985732ac8SCy Schubert#CONFIG_ELOOP_KQUEUE=y 26085732ac8SCy Schubert 261780fb4a2SCy Schubert# Select layer 2 packet implementation 262780fb4a2SCy Schubert# linux = Linux packet socket (default) 263780fb4a2SCy Schubert# pcap = libpcap/libdnet/WinPcap 264780fb4a2SCy Schubert# freebsd = FreeBSD libpcap 265780fb4a2SCy Schubert# winpcap = WinPcap with receive thread 266780fb4a2SCy Schubert# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) 267780fb4a2SCy Schubert# none = Empty template 268780fb4a2SCy SchubertCONFIG_L2_PACKET=linux 269780fb4a2SCy Schubert 27085732ac8SCy Schubert# Disable Linux packet socket workaround applicable for station interface 27185732ac8SCy Schubert# in a bridge for EAPOL frames. This should be uncommented only if the kernel 27285732ac8SCy Schubert# is known to not have the regression issue in packet socket behavior with 27385732ac8SCy Schubert# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). 27485732ac8SCy Schubert#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y 275780fb4a2SCy Schubert 2764bc52338SCy Schubert# Support Operating Channel Validation 2774bc52338SCy Schubert#CONFIG_OCV=y 2784bc52338SCy Schubert 279780fb4a2SCy Schubert# Select TLS implementation 280780fb4a2SCy Schubert# openssl = OpenSSL (default) 281780fb4a2SCy Schubert# gnutls = GnuTLS 282780fb4a2SCy Schubert# internal = Internal TLSv1 implementation (experimental) 283780fb4a2SCy Schubert# none = Empty template 284780fb4a2SCy Schubert#CONFIG_TLS=openssl 285780fb4a2SCy Schubert 286780fb4a2SCy Schubert# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) 287780fb4a2SCy Schubert# can be enabled to get a stronger construction of messages when block ciphers 288780fb4a2SCy Schubert# are used. It should be noted that some existing TLS v1.0 -based 289780fb4a2SCy Schubert# implementation may not be compatible with TLS v1.1 message (ClientHello is 290780fb4a2SCy Schubert# sent prior to negotiating which version will be used) 291780fb4a2SCy Schubert#CONFIG_TLSV11=y 292780fb4a2SCy Schubert 293780fb4a2SCy Schubert# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) 294780fb4a2SCy Schubert# can be enabled to enable use of stronger crypto algorithms. It should be 295780fb4a2SCy Schubert# noted that some existing TLS v1.0 -based implementation may not be compatible 296780fb4a2SCy Schubert# with TLS v1.2 message (ClientHello is sent prior to negotiating which version 297780fb4a2SCy Schubert# will be used) 298780fb4a2SCy Schubert#CONFIG_TLSV12=y 299780fb4a2SCy Schubert 30085732ac8SCy Schubert# Select which ciphers to use by default with OpenSSL if the user does not 30185732ac8SCy Schubert# specify them. 30285732ac8SCy Schubert#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" 30385732ac8SCy Schubert 304780fb4a2SCy Schubert# If CONFIG_TLS=internal is used, additional library and include paths are 305780fb4a2SCy Schubert# needed for LibTomMath. Alternatively, an integrated, minimal version of 306780fb4a2SCy Schubert# LibTomMath can be used. See beginning of libtommath.c for details on benefits 307780fb4a2SCy Schubert# and drawbacks of this option. 308780fb4a2SCy Schubert#CONFIG_INTERNAL_LIBTOMMATH=y 309780fb4a2SCy Schubert#ifndef CONFIG_INTERNAL_LIBTOMMATH 310780fb4a2SCy Schubert#LTM_PATH=/usr/src/libtommath-0.39 311780fb4a2SCy Schubert#CFLAGS += -I$(LTM_PATH) 312780fb4a2SCy Schubert#LIBS += -L$(LTM_PATH) 313780fb4a2SCy Schubert#LIBS_p += -L$(LTM_PATH) 314780fb4a2SCy Schubert#endif 315780fb4a2SCy Schubert# At the cost of about 4 kB of additional binary size, the internal LibTomMath 316780fb4a2SCy Schubert# can be configured to include faster routines for exptmod, sqr, and div to 317780fb4a2SCy Schubert# speed up DH and RSA calculation considerably 318780fb4a2SCy Schubert#CONFIG_INTERNAL_LIBTOMMATH_FAST=y 319780fb4a2SCy Schubert 320780fb4a2SCy Schubert# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. 321780fb4a2SCy Schubert# This is only for Windows builds and requires WMI-related header files and 322780fb4a2SCy Schubert# WbemUuid.Lib from Platform SDK even when building with MinGW. 323780fb4a2SCy Schubert#CONFIG_NDIS_EVENTS_INTEGRATED=y 324780fb4a2SCy Schubert#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" 325780fb4a2SCy Schubert 326780fb4a2SCy Schubert# Add support for new DBus control interface 327780fb4a2SCy Schubert# (fi.w1.hostap.wpa_supplicant1) 328780fb4a2SCy Schubert#CONFIG_CTRL_IFACE_DBUS_NEW=y 329780fb4a2SCy Schubert 330780fb4a2SCy Schubert# Add introspection support for new DBus control interface 331780fb4a2SCy Schubert#CONFIG_CTRL_IFACE_DBUS_INTRO=y 332780fb4a2SCy Schubert 333780fb4a2SCy Schubert# Add support for Binder control interface 334780fb4a2SCy Schubert# Only applicable for Android platforms. 335780fb4a2SCy Schubert#CONFIG_CTRL_IFACE_BINDER=y 336780fb4a2SCy Schubert 337780fb4a2SCy Schubert# Add support for loading EAP methods dynamically as shared libraries. 338780fb4a2SCy Schubert# When this option is enabled, each EAP method can be either included 339780fb4a2SCy Schubert# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). 340780fb4a2SCy Schubert# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to 341780fb4a2SCy Schubert# be loaded in the beginning of the wpa_supplicant configuration file 342780fb4a2SCy Schubert# (see load_dynamic_eap parameter in the example file) before being used in 343780fb4a2SCy Schubert# the network blocks. 344780fb4a2SCy Schubert# 345780fb4a2SCy Schubert# Note that some shared parts of EAP methods are included in the main program 346780fb4a2SCy Schubert# and in order to be able to use dynamic EAP methods using these parts, the 347780fb4a2SCy Schubert# main program must have been build with the EAP method enabled (=y or =dyn). 348780fb4a2SCy Schubert# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries 349780fb4a2SCy Schubert# unless at least one of them was included in the main build to force inclusion 350780fb4a2SCy Schubert# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included 351780fb4a2SCy Schubert# in the main build to be able to load these methods dynamically. 352780fb4a2SCy Schubert# 353780fb4a2SCy Schubert# Please also note that using dynamic libraries will increase the total binary 354780fb4a2SCy Schubert# size. Thus, it may not be the best option for targets that have limited 355780fb4a2SCy Schubert# amount of memory/flash. 356780fb4a2SCy Schubert#CONFIG_DYNAMIC_EAP_METHODS=y 357780fb4a2SCy Schubert 35885732ac8SCy Schubert# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode 359780fb4a2SCy SchubertCONFIG_IEEE80211R=y 360780fb4a2SCy Schubert 361780fb4a2SCy Schubert# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) 362780fb4a2SCy Schubert#CONFIG_DEBUG_FILE=y 363780fb4a2SCy Schubert 364780fb4a2SCy Schubert# Send debug messages to syslog instead of stdout 365780fb4a2SCy Schubert#CONFIG_DEBUG_SYSLOG=y 366780fb4a2SCy Schubert# Set syslog facility for debug messages 367780fb4a2SCy Schubert#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON 368780fb4a2SCy Schubert 369780fb4a2SCy Schubert# Add support for sending all debug messages (regardless of debug verbosity) 370780fb4a2SCy Schubert# to the Linux kernel tracing facility. This helps debug the entire stack by 371780fb4a2SCy Schubert# making it easy to record everything happening from the driver up into the 372780fb4a2SCy Schubert# same file, e.g., using trace-cmd. 373780fb4a2SCy Schubert#CONFIG_DEBUG_LINUX_TRACING=y 374780fb4a2SCy Schubert 375780fb4a2SCy Schubert# Add support for writing debug log to Android logcat instead of standard 376780fb4a2SCy Schubert# output 377780fb4a2SCy SchubertCONFIG_ANDROID_LOG=y 378780fb4a2SCy Schubert 379780fb4a2SCy Schubert# Enable privilege separation (see README 'Privilege separation' for details) 380780fb4a2SCy Schubert#CONFIG_PRIVSEP=y 381780fb4a2SCy Schubert 382780fb4a2SCy Schubert# Enable mitigation against certain attacks against TKIP by delaying Michael 383780fb4a2SCy Schubert# MIC error reports by a random amount of time between 0 and 60 seconds 384780fb4a2SCy Schubert#CONFIG_DELAYED_MIC_ERROR_REPORT=y 385780fb4a2SCy Schubert 386780fb4a2SCy Schubert# Enable tracing code for developer debugging 387780fb4a2SCy Schubert# This tracks use of memory allocations and other registrations and reports 388780fb4a2SCy Schubert# incorrect use with a backtrace of call (or allocation) location. 389780fb4a2SCy Schubert#CONFIG_WPA_TRACE=y 390780fb4a2SCy Schubert# For BSD, uncomment these. 391780fb4a2SCy Schubert#LIBS += -lexecinfo 392780fb4a2SCy Schubert#LIBS_p += -lexecinfo 393780fb4a2SCy Schubert#LIBS_c += -lexecinfo 394780fb4a2SCy Schubert 395780fb4a2SCy Schubert# Use libbfd to get more details for developer debugging 396780fb4a2SCy Schubert# This enables use of libbfd to get more detailed symbols for the backtraces 397780fb4a2SCy Schubert# generated by CONFIG_WPA_TRACE=y. 398780fb4a2SCy Schubert#CONFIG_WPA_TRACE_BFD=y 399780fb4a2SCy Schubert# For BSD, uncomment these. 400780fb4a2SCy Schubert#LIBS += -lbfd -liberty -lz 401780fb4a2SCy Schubert#LIBS_p += -lbfd -liberty -lz 402780fb4a2SCy Schubert#LIBS_c += -lbfd -liberty -lz 403780fb4a2SCy Schubert 404780fb4a2SCy Schubert# wpa_supplicant depends on strong random number generation being available 405780fb4a2SCy Schubert# from the operating system. os_get_random() function is used to fetch random 406780fb4a2SCy Schubert# data when needed, e.g., for key generation. On Linux and BSD systems, this 407780fb4a2SCy Schubert# works by reading /dev/urandom. It should be noted that the OS entropy pool 408780fb4a2SCy Schubert# needs to be properly initialized before wpa_supplicant is started. This is 409780fb4a2SCy Schubert# important especially on embedded devices that do not have a hardware random 410780fb4a2SCy Schubert# number generator and may by default start up with minimal entropy available 411780fb4a2SCy Schubert# for random number generation. 412780fb4a2SCy Schubert# 413780fb4a2SCy Schubert# As a safety net, wpa_supplicant is by default trying to internally collect 414780fb4a2SCy Schubert# additional entropy for generating random data to mix in with the data fetched 415780fb4a2SCy Schubert# from the OS. This by itself is not considered to be very strong, but it may 416780fb4a2SCy Schubert# help in cases where the system pool is not initialized properly. However, it 417780fb4a2SCy Schubert# is very strongly recommended that the system pool is initialized with enough 418780fb4a2SCy Schubert# entropy either by using hardware assisted random number generator or by 419780fb4a2SCy Schubert# storing state over device reboots. 420780fb4a2SCy Schubert# 421780fb4a2SCy Schubert# wpa_supplicant can be configured to maintain its own entropy store over 422780fb4a2SCy Schubert# restarts to enhance random number generation. This is not perfect, but it is 423780fb4a2SCy Schubert# much more secure than using the same sequence of random numbers after every 424780fb4a2SCy Schubert# reboot. This can be enabled with -e<entropy file> command line option. The 425780fb4a2SCy Schubert# specified file needs to be readable and writable by wpa_supplicant. 426780fb4a2SCy Schubert# 427780fb4a2SCy Schubert# If the os_get_random() is known to provide strong random data (e.g., on 428780fb4a2SCy Schubert# Linux/BSD, the board in question is known to have reliable source of random 429780fb4a2SCy Schubert# data from /dev/urandom), the internal wpa_supplicant random pool can be 430780fb4a2SCy Schubert# disabled. This will save some in binary size and CPU use. However, this 431780fb4a2SCy Schubert# should only be considered for builds that are known to be used on devices 432780fb4a2SCy Schubert# that meet the requirements described above. 43385732ac8SCy Schubert 43485732ac8SCy Schubert# Wpa_supplicant's random pool is not necessary on Android. Randomness is 43585732ac8SCy Schubert# already provided by the entropymixer service which ensures sufficient 43685732ac8SCy Schubert# entropy is maintained across reboots. Commit b410eb1913 'Initialize 43785732ac8SCy Schubert# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before 43885732ac8SCy Schubert# either wpa_supplicant or hostapd are run. 43985732ac8SCy SchubertCONFIG_NO_RANDOM_POOL=y 440780fb4a2SCy Schubert 44185732ac8SCy Schubert# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) 44285732ac8SCy Schubert#CONFIG_IEEE80211AC=y 44385732ac8SCy Schubert 444780fb4a2SCy Schubert# Wireless Network Management (IEEE Std 802.11v-2011) 445780fb4a2SCy Schubert# Note: This is experimental and not complete implementation. 446780fb4a2SCy SchubertCONFIG_WNM=y 447780fb4a2SCy Schubert 448780fb4a2SCy Schubert# Interworking (IEEE 802.11u) 449780fb4a2SCy Schubert# This can be used to enable functionality to improve interworking with 450780fb4a2SCy Schubert# external networks (GAS/ANQP to learn more about the networks and network 451780fb4a2SCy Schubert# selection based on available credentials). 452780fb4a2SCy SchubertCONFIG_INTERWORKING=y 453780fb4a2SCy Schubert 454780fb4a2SCy Schubert# Hotspot 2.0 455780fb4a2SCy SchubertCONFIG_HS20=y 456780fb4a2SCy Schubert 45785732ac8SCy Schubert# Enable interface matching in wpa_supplicant 45885732ac8SCy Schubert#CONFIG_MATCH_IFACE=y 45985732ac8SCy Schubert 460780fb4a2SCy Schubert# Disable roaming in wpa_supplicant 461780fb4a2SCy SchubertCONFIG_NO_ROAMING=y 462780fb4a2SCy Schubert 463780fb4a2SCy Schubert# AP mode operations with wpa_supplicant 464780fb4a2SCy Schubert# This can be used for controlling AP mode operations with wpa_supplicant. It 465780fb4a2SCy Schubert# should be noted that this is mainly aimed at simple cases like 466780fb4a2SCy Schubert# WPA2-Personal while more complex configurations like WPA2-Enterprise with an 467780fb4a2SCy Schubert# external RADIUS server can be supported with hostapd. 468780fb4a2SCy SchubertCONFIG_AP=y 469780fb4a2SCy Schubert 470780fb4a2SCy Schubert# P2P (Wi-Fi Direct) 471780fb4a2SCy Schubert# This can be used to enable P2P support in wpa_supplicant. See README-P2P for 472780fb4a2SCy Schubert# more information on P2P operations. 473780fb4a2SCy SchubertCONFIG_P2P=y 474780fb4a2SCy Schubert 475780fb4a2SCy Schubert# Enable TDLS support 476780fb4a2SCy SchubertCONFIG_TDLS=y 477780fb4a2SCy Schubert 4784bc52338SCy Schubert# Wi-Fi Display 4794bc52338SCy Schubert# This can be used to enable Wi-Fi Display extensions for P2P using an external 480780fb4a2SCy Schubert# program to control the additional information exchanges in the messages. 481780fb4a2SCy SchubertCONFIG_WIFI_DISPLAY=y 482780fb4a2SCy Schubert 483780fb4a2SCy Schubert# Autoscan 484780fb4a2SCy Schubert# This can be used to enable automatic scan support in wpa_supplicant. 485780fb4a2SCy Schubert# See wpa_supplicant.conf for more information on autoscan usage. 486780fb4a2SCy Schubert# 487780fb4a2SCy Schubert# Enabling directly a module will enable autoscan support. 488780fb4a2SCy Schubert# For exponential module: 489780fb4a2SCy Schubert#CONFIG_AUTOSCAN_EXPONENTIAL=y 490780fb4a2SCy Schubert# For periodic module: 491780fb4a2SCy Schubert#CONFIG_AUTOSCAN_PERIODIC=y 492780fb4a2SCy Schubert 493780fb4a2SCy Schubert# Password (and passphrase, etc.) backend for external storage 494780fb4a2SCy Schubert# These optional mechanisms can be used to add support for storing passwords 495780fb4a2SCy Schubert# and other secrets in external (to wpa_supplicant) location. This allows, for 496780fb4a2SCy Schubert# example, operating system specific key storage to be used 497780fb4a2SCy Schubert# 498780fb4a2SCy Schubert# External password backend for testing purposes (developer use) 499780fb4a2SCy Schubert#CONFIG_EXT_PASSWORD_TEST=y 500780fb4a2SCy Schubert 501780fb4a2SCy Schubert# Enable Fast Session Transfer (FST) 502780fb4a2SCy Schubert#CONFIG_FST=y 503780fb4a2SCy Schubert 504780fb4a2SCy Schubert# Support Multi Band Operation 505780fb4a2SCy Schubert#CONFIG_MBO=y 506780fb4a2SCy Schubert 50785732ac8SCy Schubert# Fast Initial Link Setup (FILS) (IEEE 802.11ai) 50885732ac8SCy Schubert#CONFIG_FILS=y 50985732ac8SCy Schubert 51085732ac8SCy Schubert# Support RSN on IBSS networks 51185732ac8SCy Schubert# This is needed to be able to use mode=1 network profile with proto=RSN and 51285732ac8SCy Schubert# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). 51385732ac8SCy Schubert#CONFIG_IBSS_RSN=y 51485732ac8SCy Schubert 51585732ac8SCy Schubert# External PMKSA cache control 51685732ac8SCy Schubert# This can be used to enable control interface commands that allow the current 51785732ac8SCy Schubert# PMKSA cache entries to be fetched and new entries to be added. 51885732ac8SCy Schubert#CONFIG_PMKSA_CACHE_EXTERNAL=y 51985732ac8SCy Schubert 52085732ac8SCy Schubert# Mesh Networking (IEEE 802.11s) 52185732ac8SCy Schubert#CONFIG_MESH=y 52285732ac8SCy Schubert 52385732ac8SCy Schubert# Background scanning modules 52485732ac8SCy Schubert# These can be used to request wpa_supplicant to perform background scanning 52585732ac8SCy Schubert# operations for roaming within an ESS (same SSID). See the bgscan parameter in 52685732ac8SCy Schubert# the wpa_supplicant.conf file for more details. 52785732ac8SCy Schubert# Periodic background scans based on signal strength 52885732ac8SCy Schubert#CONFIG_BGSCAN_SIMPLE=y 52985732ac8SCy Schubert# Learn channels used by the network and try to avoid bgscans on other 53085732ac8SCy Schubert# channels (experimental) 53185732ac8SCy Schubert#CONFIG_BGSCAN_LEARN=y 53285732ac8SCy Schubert 53385732ac8SCy Schubert# Opportunistic Wireless Encryption (OWE) 53485732ac8SCy Schubert# Experimental implementation of draft-harkins-owe-07.txt 53585732ac8SCy Schubert#CONFIG_OWE=y 53685732ac8SCy Schubert 537*c1d255d3SCy Schubert# Wired equivalent privacy (WEP) 538*c1d255d3SCy Schubert# WEP is an obsolete cryptographic data confidentiality algorithm that is not 539*c1d255d3SCy Schubert# considered secure. It should not be used for anything anymore. The 540*c1d255d3SCy Schubert# functionality needed to use WEP is available in the current wpa_supplicant 541*c1d255d3SCy Schubert# release under this optional build parameter. This functionality is subject to 542*c1d255d3SCy Schubert# be completely removed in a future release. 543*c1d255d3SCy SchubertCONFIG_WEP=y 544*c1d255d3SCy Schubert 545780fb4a2SCy Schubertinclude $(wildcard $(LOCAL_PATH)/android_config_*.inc) 546