]>
Commit | Line | Data |
---|---|---|
d8a4d054 AM |
1 | # Example wpa_supplicant build time configuration |
2 | # | |
586a3b37 | 3 | # This file lists the configuration options that are used when building the |
d8a4d054 AM |
4 | # wpa_supplicant binary. All lines starting with # are ignored. Configuration |
5 | # option lines must be commented out complete, if they are not to be included, | |
6 | # i.e., just setting VARIABLE=n is not disabling that variable. | |
586a3b37 JB |
7 | # |
8 | # This file is included in Makefile, so variables like CFLAGS and LIBS can also | |
9 | # be modified from here. In most cases, these lines should use += in order not | |
10 | # to override previous values of the variables. | |
bde40618 | 11 | |
bde40618 | 12 | |
586a3b37 JB |
13 | # Uncomment following two lines and fix the paths if you have installed OpenSSL |
14 | # or GnuTLS in non-default location | |
15 | #CFLAGS += -I/usr/local/openssl/include | |
16 | #LIBS += -L/usr/local/openssl/lib | |
bde40618 | 17 | |
586a3b37 JB |
18 | # Some Red Hat versions seem to include kerberos header files from OpenSSL, but |
19 | # the kerberos files are not in the default include path. Following line can be | |
20 | # used to fix build issues on such systems (krb5.h not found). | |
21 | #CFLAGS += -I/usr/include/kerberos | |
bde40618 | 22 | |
586a3b37 JB |
23 | # Driver interface for Host AP driver |
24 | CONFIG_DRIVER_HOSTAP=y | |
bd214586 | 25 | |
bde40618 | 26 | # Driver interface for generic Linux wireless extensions |
bd214586 JB |
27 | # Note: WEXT is deprecated in the current Linux kernel version and no new |
28 | # functionality is added to it. nl80211-based interface is the new | |
29 | # replacement for WEXT and its use allows wpa_supplicant to properly control | |
30 | # the driver to improve existing functionality like roaming and to support new | |
31 | # functionality. | |
bde40618 | 32 | CONFIG_DRIVER_WEXT=y |
33 | ||
ac6977a4 AM |
34 | # Driver interface for Linux drivers using the nl80211 kernel interface |
35 | CONFIG_DRIVER_NL80211=y | |
36 | ||
d8a4d054 AM |
37 | # QCA vendor extensions to nl80211 |
38 | #CONFIG_DRIVER_NL80211_QCA=y | |
39 | ||
586a3b37 JB |
40 | # driver_nl80211.c requires libnl. If you are compiling it yourself |
41 | # you may need to point hostapd to your version of libnl. | |
42 | # | |
43 | #CFLAGS += -I$<path to libnl include files> | |
44 | #LIBS += -L$<path to libnl library files> | |
45 | ||
46 | # Use libnl v2.0 (or 3.0) libraries. | |
47 | #CONFIG_LIBNL20=y | |
48 | ||
49 | # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) | |
50 | CONFIG_LIBNL32=y | |
51 | ||
52 | ||
53 | # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) | |
54 | #CONFIG_DRIVER_BSD=y | |
55 | #CFLAGS += -I/usr/local/include | |
56 | #LIBS += -L/usr/local/lib | |
57 | #LIBS_p += -L/usr/local/lib | |
58 | #LIBS_c += -L/usr/local/lib | |
59 | ||
60 | # Driver interface for Windows NDIS | |
61 | #CONFIG_DRIVER_NDIS=y | |
62 | #CFLAGS += -I/usr/include/w32api/ddk | |
63 | #LIBS += -L/usr/local/lib | |
64 | # For native build using mingw | |
65 | #CONFIG_NATIVE_WINDOWS=y | |
66 | # Additional directories for cross-compilation on Linux host for mingw target | |
67 | #CFLAGS += -I/opt/mingw/mingw32/include/ddk | |
68 | #LIBS += -L/opt/mingw/mingw32/lib | |
69 | #CC=mingw32-gcc | |
70 | # By default, driver_ndis uses WinPcap for low-level operations. This can be | |
71 | # replaced with the following option which replaces WinPcap calls with NDISUIO. | |
72 | # However, this requires that WZC is disabled (net stop wzcsvc) before starting | |
73 | # wpa_supplicant. | |
74 | # CONFIG_USE_NDISUIO=y | |
bde40618 | 75 | |
0ccf20c0 MB |
76 | # Driver interface for wired Ethernet drivers |
77 | CONFIG_DRIVER_WIRED=y | |
78 | ||
d8a4d054 AM |
79 | # Driver interface for MACsec capable Qualcomm Atheros drivers |
80 | #CONFIG_DRIVER_MACSEC_QCA=y | |
81 | ||
82 | # Driver interface for Linux MACsec drivers | |
83 | CONFIG_DRIVER_MACSEC_LINUX=y | |
84 | ||
bd214586 JB |
85 | # Driver interface for the Broadcom RoboSwitch family |
86 | #CONFIG_DRIVER_ROBOSWITCH=y | |
87 | ||
88 | # Driver interface for no driver (e.g., WPS ER only) | |
89 | #CONFIG_DRIVER_NONE=y | |
90 | ||
586a3b37 JB |
91 | # Solaris libraries |
92 | #LIBS += -lsocket -ldlpi -lnsl | |
93 | #LIBS_c += -lsocket | |
94 | ||
d8a4d054 AM |
95 | # Enable IEEE 802.1X Supplicant (automatically included if any EAP method or |
96 | # MACsec is included) | |
bde40618 | 97 | CONFIG_IEEE8021X_EAPOL=y |
98 | ||
bd214586 | 99 | # EAP-MD5 |
bde40618 | 100 | CONFIG_EAP_MD5=y |
101 | ||
bd214586 | 102 | # EAP-MSCHAPv2 |
bde40618 | 103 | CONFIG_EAP_MSCHAPV2=y |
104 | ||
105 | # EAP-TLS | |
106 | CONFIG_EAP_TLS=y | |
107 | ||
108 | # EAL-PEAP | |
109 | CONFIG_EAP_PEAP=y | |
110 | ||
111 | # EAP-TTLS | |
112 | CONFIG_EAP_TTLS=y | |
113 | ||
68fb2727 | 114 | # EAP-FAST |
d8a4d054 AM |
115 | CONFIG_EAP_FAST=y |
116 | ||
117 | # EAP-TEAP | |
118 | # Note: The current EAP-TEAP implementation is experimental and should not be | |
119 | # enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number | |
120 | # of conflicting statements and missing details and the implementation has | |
121 | # vendor specific workarounds for those and as such, may not interoperate with | |
122 | # any other implementation. This should not be used for anything else than | |
123 | # experimentation and interoperability testing until those issues has been | |
124 | # resolved. | |
125 | #CONFIG_EAP_TEAP=y | |
68fb2727 | 126 | |
bde40618 | 127 | # EAP-GTC |
128 | CONFIG_EAP_GTC=y | |
129 | ||
130 | # EAP-OTP | |
131 | CONFIG_EAP_OTP=y | |
132 | ||
133 | # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) | |
134 | #CONFIG_EAP_SIM=y | |
135 | ||
d8a4d054 AM |
136 | # Enable SIM simulator (Milenage) for EAP-SIM |
137 | #CONFIG_SIM_SIMULATOR=y | |
138 | ||
bde40618 | 139 | # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) |
140 | #CONFIG_EAP_PSK=y | |
141 | ||
bd214586 | 142 | # EAP-pwd (secure authentication using only a password) |
d8a4d054 | 143 | CONFIG_EAP_PWD=y |
bd214586 | 144 | |
68fb2727 PG |
145 | # EAP-PAX |
146 | CONFIG_EAP_PAX=y | |
147 | ||
bde40618 | 148 | # LEAP |
149 | CONFIG_EAP_LEAP=y | |
150 | ||
151 | # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) | |
152 | #CONFIG_EAP_AKA=y | |
153 | ||
ac6977a4 AM |
154 | # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). |
155 | # This requires CONFIG_EAP_AKA to be enabled, too. | |
156 | #CONFIG_EAP_AKA_PRIME=y | |
157 | ||
158 | # Enable USIM simulator (Milenage) for EAP-AKA | |
159 | #CONFIG_USIM_SIMULATOR=y | |
160 | ||
68fb2727 PG |
161 | # EAP-SAKE |
162 | CONFIG_EAP_SAKE=y | |
163 | ||
164 | # EAP-GPSK | |
165 | CONFIG_EAP_GPSK=y | |
166 | # Include support for optional SHA256 cipher suite in EAP-GPSK | |
167 | CONFIG_EAP_GPSK_SHA256=y | |
168 | ||
ac6977a4 | 169 | # EAP-TNC and related Trusted Network Connect support (experimental) |
d8a4d054 | 170 | CONFIG_EAP_TNC=y |
ac6977a4 AM |
171 | |
172 | # Wi-Fi Protected Setup (WPS) | |
d8a4d054 | 173 | CONFIG_WPS=y |
bd214586 JB |
174 | # Enable WPS external registrar functionality |
175 | #CONFIG_WPS_ER=y | |
176 | # Disable credentials for an open network by default when acting as a WPS | |
177 | # registrar. | |
178 | #CONFIG_WPS_REG_DISABLE_OPEN=y | |
de1f0e4e JB |
179 | # Enable WPS support with NFC config method |
180 | CONFIG_WPS_NFC=y | |
bd214586 | 181 | |
ac6977a4 | 182 | # EAP-IKEv2 |
d8a4d054 | 183 | CONFIG_EAP_IKEV2=y |
ac6977a4 | 184 | |
586a3b37 JB |
185 | # EAP-EKE |
186 | #CONFIG_EAP_EKE=y | |
187 | ||
d8a4d054 AM |
188 | # MACsec |
189 | CONFIG_MACSEC=y | |
190 | ||
bde40618 | 191 | # PKCS#12 (PFX) support (used to read private key and certificate file from |
192 | # a file that usually has extension .p12 or .pfx) | |
193 | CONFIG_PKCS12=y | |
194 | ||
68fb2727 PG |
195 | # Smartcard support (i.e., private key on a smartcard), e.g., with openssl |
196 | # engine. | |
197 | CONFIG_SMARTCARD=y | |
198 | ||
bde40618 | 199 | # PC/SC interface for smartcards (USIM, GSM SIM) |
200 | # Enable this if EAP-SIM or EAP-AKA is included | |
201 | #CONFIG_PCSC=y | |
202 | ||
de1f0e4e JB |
203 | # Support HT overrides (disable HT/HT40, mask MCS rates, etc.) |
204 | #CONFIG_HT_OVERRIDES=y | |
205 | ||
586a3b37 JB |
206 | # Support VHT overrides (disable VHT, mask MCS rates, etc.) |
207 | #CONFIG_VHT_OVERRIDES=y | |
208 | ||
bde40618 | 209 | # Development testing |
210 | #CONFIG_EAPOL_TEST=y | |
211 | ||
68fb2727 PG |
212 | # Select control interface backend for external programs, e.g, wpa_cli: |
213 | # unix = UNIX domain sockets (default for Linux/*BSD) | |
214 | # udp = UDP sockets using localhost (127.0.0.1) | |
586a3b37 | 215 | # udp6 = UDP IPv6 sockets using localhost (::1) |
68fb2727 | 216 | # named_pipe = Windows Named Pipe (default for Windows) |
de1f0e4e | 217 | # udp-remote = UDP sockets with remote access (only for tests systems/purpose) |
586a3b37 | 218 | # udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) |
68fb2727 PG |
219 | # y = use default (backwards compatibility) |
220 | # If this option is commented out, control interface is not included in the | |
221 | # build. | |
bde40618 | 222 | CONFIG_CTRL_IFACE=y |
223 | ||
bde40618 | 224 | # Include support for GNU Readline and History Libraries in wpa_cli. |
225 | # When building a wpa_cli binary for distribution, please note that these | |
226 | # libraries are licensed under GPL and as such, BSD license may not apply for | |
227 | # the resulting binary. | |
228 | CONFIG_READLINE=y | |
68fb2727 | 229 | |
bd214586 JB |
230 | # Include internal line edit mode in wpa_cli. This can be used as a replacement |
231 | # for GNU Readline to provide limited command line editing and history support. | |
232 | #CONFIG_WPA_CLI_EDIT=y | |
233 | ||
68fb2727 PG |
234 | # Remove debugging code that is printing out debug message to stdout. |
235 | # This can be used to reduce the size of the wpa_supplicant considerably | |
236 | # if debugging code is not needed. The size reduction can be around 35% | |
237 | # (e.g., 90 kB). | |
238 | #CONFIG_NO_STDOUT_DEBUG=y | |
239 | ||
240 | # Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save | |
241 | # 35-50 kB in code size. | |
242 | #CONFIG_NO_WPA=y | |
243 | ||
bd214586 JB |
244 | # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support |
245 | # This option can be used to reduce code size by removing support for | |
246 | # converting ASCII passphrases into PSK. If this functionality is removed, the | |
247 | # PSK can only be configured as the 64-octet hexstring (e.g., from | |
248 | # wpa_passphrase). This saves about 0.5 kB in code size. | |
249 | #CONFIG_NO_WPA_PASSPHRASE=y | |
250 | ||
d8a4d054 AM |
251 | # Simultaneous Authentication of Equals (SAE), WPA3-Personal |
252 | CONFIG_SAE=y | |
253 | ||
bd214586 JB |
254 | # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. |
255 | # This can be used if ap_scan=1 mode is never enabled. | |
256 | #CONFIG_NO_SCAN_PROCESSING=y | |
68fb2727 PG |
257 | |
258 | # Select configuration backend: | |
259 | # file = text file (e.g., wpa_supplicant.conf; note: the configuration file | |
260 | # path is given on command line, not here; this option is just used to | |
261 | # select the backend that allows configuration files to be used) | |
262 | # winreg = Windows registry (see win_example.reg for an example) | |
263 | CONFIG_BACKEND=file | |
264 | ||
ac6977a4 AM |
265 | # Remove configuration write functionality (i.e., to allow the configuration |
266 | # file to be updated based on runtime configuration changes). The runtime | |
267 | # configuration can still be changed, the changes are just not going to be | |
268 | # persistent over restarts. This option can be used to reduce code size by | |
269 | # about 3.5 kB. | |
270 | #CONFIG_NO_CONFIG_WRITE=y | |
271 | ||
272 | # Remove support for configuration blobs to reduce code size by about 1.5 kB. | |
273 | #CONFIG_NO_CONFIG_BLOBS=y | |
274 | ||
68fb2727 PG |
275 | # Select program entry point implementation: |
276 | # main = UNIX/POSIX like main() function (default) | |
277 | # main_winsvc = Windows service (read parameters from registry) | |
278 | # main_none = Very basic example (development use only) | |
279 | #CONFIG_MAIN=main | |
280 | ||
586a3b37 | 281 | # Select wrapper for operating system and C library specific functions |
68fb2727 PG |
282 | # unix = UNIX/POSIX like systems (default) |
283 | # win32 = Windows systems | |
284 | # none = Empty template | |
d8a4d054 | 285 | #CONFIG_OS=unix |
68fb2727 PG |
286 | |
287 | # Select event loop implementation | |
288 | # eloop = select() loop (default) | |
289 | # eloop_win = Windows events and WaitForMultipleObject() loop | |
68fb2727 PG |
290 | #CONFIG_ELOOP=eloop |
291 | ||
de1f0e4e JB |
292 | # Should we use poll instead of select? Select is used by default. |
293 | #CONFIG_ELOOP_POLL=y | |
294 | ||
586a3b37 | 295 | # Should we use epoll instead of select? Select is used by default. |
8afd4308 | 296 | #CONFIG_ELOOP_EPOLL=y |
586a3b37 | 297 | |
d8a4d054 AM |
298 | # Should we use kqueue instead of select? Select is used by default. |
299 | #CONFIG_ELOOP_KQUEUE=y | |
300 | ||
68fb2727 PG |
301 | # Select layer 2 packet implementation |
302 | # linux = Linux packet socket (default) | |
303 | # pcap = libpcap/libdnet/WinPcap | |
304 | # freebsd = FreeBSD libpcap | |
305 | # winpcap = WinPcap with receive thread | |
306 | # ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) | |
307 | # none = Empty template | |
ac6977a4 | 308 | CONFIG_L2_PACKET=linux |
68fb2727 | 309 | |
d8a4d054 AM |
310 | # Disable Linux packet socket workaround applicable for station interface |
311 | # in a bridge for EAPOL frames. This should be uncommented only if the kernel | |
312 | # is known to not have the regression issue in packet socket behavior with | |
313 | # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). | |
314 | #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y | |
68fb2727 | 315 | |
de1f0e4e | 316 | # IEEE 802.11w (management frame protection), also known as PMF |
68fb2727 | 317 | # Driver support is also needed for IEEE 802.11w. |
ac6977a4 | 318 | CONFIG_IEEE80211W=y |
68fb2727 | 319 | |
d8a4d054 AM |
320 | # Support Operating Channel Validation |
321 | #CONFIG_OCV=y | |
322 | ||
68fb2727 PG |
323 | # Select TLS implementation |
324 | # openssl = OpenSSL (default) | |
bd214586 | 325 | # gnutls = GnuTLS |
68fb2727 | 326 | # internal = Internal TLSv1 implementation (experimental) |
d8a4d054 | 327 | # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
68fb2727 | 328 | # none = Empty template |
d8a4d054 | 329 | CONFIG_TLS=openssl |
68fb2727 | 330 | |
bd214586 JB |
331 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
332 | # can be enabled to get a stronger construction of messages when block ciphers | |
333 | # are used. It should be noted that some existing TLS v1.0 -based | |
334 | # implementation may not be compatible with TLS v1.1 message (ClientHello is | |
335 | # sent prior to negotiating which version will be used) | |
d8a4d054 | 336 | CONFIG_TLSV11=y |
68fb2727 | 337 | |
de1f0e4e JB |
338 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
339 | # can be enabled to enable use of stronger crypto algorithms. It should be | |
340 | # noted that some existing TLS v1.0 -based implementation may not be compatible | |
341 | # with TLS v1.2 message (ClientHello is sent prior to negotiating which version | |
342 | # will be used) | |
343 | CONFIG_TLSV12=y | |
344 | ||
d8a4d054 AM |
345 | # Select which ciphers to use by default with OpenSSL if the user does not |
346 | # specify them. | |
91de2285 | 347 | CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
d8a4d054 | 348 | |
68fb2727 PG |
349 | # If CONFIG_TLS=internal is used, additional library and include paths are |
350 | # needed for LibTomMath. Alternatively, an integrated, minimal version of | |
351 | # LibTomMath can be used. See beginning of libtommath.c for details on benefits | |
352 | # and drawbacks of this option. | |
353 | #CONFIG_INTERNAL_LIBTOMMATH=y | |
354 | #ifndef CONFIG_INTERNAL_LIBTOMMATH | |
355 | #LTM_PATH=/usr/src/libtommath-0.39 | |
356 | #CFLAGS += -I$(LTM_PATH) | |
357 | #LIBS += -L$(LTM_PATH) | |
358 | #LIBS_p += -L$(LTM_PATH) | |
359 | #endif | |
ac6977a4 AM |
360 | # At the cost of about 4 kB of additional binary size, the internal LibTomMath |
361 | # can be configured to include faster routines for exptmod, sqr, and div to | |
362 | # speed up DH and RSA calculation considerably | |
363 | #CONFIG_INTERNAL_LIBTOMMATH_FAST=y | |
364 | ||
365 | # Include NDIS event processing through WMI into wpa_supplicant/wpasvc. | |
366 | # This is only for Windows builds and requires WMI-related header files and | |
367 | # WbemUuid.Lib from Platform SDK even when building with MinGW. | |
368 | #CONFIG_NDIS_EVENTS_INTEGRATED=y | |
369 | #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" | |
370 | ||
ac6977a4 AM |
371 | # Add support for new DBus control interface |
372 | # (fi.w1.hostap.wpa_supplicant1) | |
d8a4d054 | 373 | CONFIG_CTRL_IFACE_DBUS_NEW=y |
ac6977a4 AM |
374 | |
375 | # Add introspection support for new DBus control interface | |
d8a4d054 | 376 | CONFIG_CTRL_IFACE_DBUS_INTRO=y |
ac6977a4 | 377 | |
68fb2727 PG |
378 | # Add support for loading EAP methods dynamically as shared libraries. |
379 | # When this option is enabled, each EAP method can be either included | |
380 | # statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). | |
381 | # Dynamic EAP methods are build as shared objects (eap_*.so) and they need to | |
382 | # be loaded in the beginning of the wpa_supplicant configuration file | |
383 | # (see load_dynamic_eap parameter in the example file) before being used in | |
384 | # the network blocks. | |
385 | # | |
386 | # Note that some shared parts of EAP methods are included in the main program | |
387 | # and in order to be able to use dynamic EAP methods using these parts, the | |
388 | # main program must have been build with the EAP method enabled (=y or =dyn). | |
389 | # This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries | |
390 | # unless at least one of them was included in the main build to force inclusion | |
391 | # of the shared code. Similarly, at least one of EAP-SIM/AKA must be included | |
392 | # in the main build to be able to load these methods dynamically. | |
393 | # | |
394 | # Please also note that using dynamic libraries will increase the total binary | |
395 | # size. Thus, it may not be the best option for targets that have limited | |
396 | # amount of memory/flash. | |
397 | #CONFIG_DYNAMIC_EAP_METHODS=y | |
398 | ||
d8a4d054 | 399 | # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode |
ac6977a4 AM |
400 | CONFIG_IEEE80211R=y |
401 | ||
402 | # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) | |
8b73356c | 403 | CONFIG_DEBUG_FILE=y |
ac6977a4 | 404 | |
bd214586 | 405 | # Send debug messages to syslog instead of stdout |
d2561929 | 406 | CONFIG_DEBUG_SYSLOG=y |
bd214586 | 407 | # Set syslog facility for debug messages |
d8a4d054 | 408 | #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON |
bd214586 | 409 | |
de1f0e4e JB |
410 | # Add support for sending all debug messages (regardless of debug verbosity) |
411 | # to the Linux kernel tracing facility. This helps debug the entire stack by | |
412 | # making it easy to record everything happening from the driver up into the | |
413 | # same file, e.g., using trace-cmd. | |
414 | #CONFIG_DEBUG_LINUX_TRACING=y | |
415 | ||
586a3b37 JB |
416 | # Add support for writing debug log to Android logcat instead of standard |
417 | # output | |
418 | #CONFIG_ANDROID_LOG=y | |
419 | ||
ac6977a4 AM |
420 | # Enable privilege separation (see README 'Privilege separation' for details) |
421 | #CONFIG_PRIVSEP=y | |
422 | ||
423 | # Enable mitigation against certain attacks against TKIP by delaying Michael | |
424 | # MIC error reports by a random amount of time between 0 and 60 seconds | |
425 | #CONFIG_DELAYED_MIC_ERROR_REPORT=y | |
426 | ||
427 | # Enable tracing code for developer debugging | |
428 | # This tracks use of memory allocations and other registrations and reports | |
429 | # incorrect use with a backtrace of call (or allocation) location. | |
430 | #CONFIG_WPA_TRACE=y | |
bd214586 | 431 | # For BSD, uncomment these. |
ac6977a4 AM |
432 | #LIBS += -lexecinfo |
433 | #LIBS_p += -lexecinfo | |
434 | #LIBS_c += -lexecinfo | |
435 | ||
436 | # Use libbfd to get more details for developer debugging | |
437 | # This enables use of libbfd to get more detailed symbols for the backtraces | |
438 | # generated by CONFIG_WPA_TRACE=y. | |
439 | #CONFIG_WPA_TRACE_BFD=y | |
bd214586 | 440 | # For BSD, uncomment these. |
ac6977a4 AM |
441 | #LIBS += -lbfd -liberty -lz |
442 | #LIBS_p += -lbfd -liberty -lz | |
443 | #LIBS_c += -lbfd -liberty -lz | |
68fb2727 | 444 | |
bd214586 JB |
445 | # wpa_supplicant depends on strong random number generation being available |
446 | # from the operating system. os_get_random() function is used to fetch random | |
447 | # data when needed, e.g., for key generation. On Linux and BSD systems, this | |
448 | # works by reading /dev/urandom. It should be noted that the OS entropy pool | |
449 | # needs to be properly initialized before wpa_supplicant is started. This is | |
450 | # important especially on embedded devices that do not have a hardware random | |
451 | # number generator and may by default start up with minimal entropy available | |
452 | # for random number generation. | |
453 | # | |
454 | # As a safety net, wpa_supplicant is by default trying to internally collect | |
455 | # additional entropy for generating random data to mix in with the data fetched | |
456 | # from the OS. This by itself is not considered to be very strong, but it may | |
457 | # help in cases where the system pool is not initialized properly. However, it | |
458 | # is very strongly recommended that the system pool is initialized with enough | |
459 | # entropy either by using hardware assisted random number generator or by | |
460 | # storing state over device reboots. | |
461 | # | |
462 | # wpa_supplicant can be configured to maintain its own entropy store over | |
463 | # restarts to enhance random number generation. This is not perfect, but it is | |
464 | # much more secure than using the same sequence of random numbers after every | |
465 | # reboot. This can be enabled with -e<entropy file> command line option. The | |
466 | # specified file needs to be readable and writable by wpa_supplicant. | |
467 | # | |
468 | # If the os_get_random() is known to provide strong random data (e.g., on | |
469 | # Linux/BSD, the board in question is known to have reliable source of random | |
470 | # data from /dev/urandom), the internal wpa_supplicant random pool can be | |
471 | # disabled. This will save some in binary size and CPU use. However, this | |
472 | # should only be considered for builds that are known to be used on devices | |
473 | # that meet the requirements described above. | |
474 | #CONFIG_NO_RANDOM_POOL=y | |
475 | ||
d8a4d054 AM |
476 | # Should we attempt to use the getrandom(2) call that provides more reliable |
477 | # yet secure randomness source than /dev/random on Linux 3.17 and newer. | |
478 | # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. | |
479 | CONFIG_GETRANDOM=y | |
480 | ||
bd214586 | 481 | # IEEE 802.11n (High Throughput) support (mainly for AP mode) |
586a3b37 JB |
482 | CONFIG_IEEE80211N=y |
483 | ||
484 | # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) | |
485 | # (depends on CONFIG_IEEE80211N) | |
486 | CONFIG_IEEE80211AC=y | |
bd214586 | 487 | |
de1f0e4e JB |
488 | # Wireless Network Management (IEEE Std 802.11v-2011) |
489 | # Note: This is experimental and not complete implementation. | |
490 | #CONFIG_WNM=y | |
491 | ||
bd214586 JB |
492 | # Interworking (IEEE 802.11u) |
493 | # This can be used to enable functionality to improve interworking with | |
494 | # external networks (GAS/ANQP to learn more about the networks and network | |
495 | # selection based on available credentials). | |
d8a4d054 | 496 | CONFIG_INTERWORKING=y |
de1f0e4e JB |
497 | |
498 | # Hotspot 2.0 | |
499 | CONFIG_HS20=y | |
500 | ||
d8a4d054 AM |
501 | # Enable interface matching in wpa_supplicant |
502 | #CONFIG_MATCH_IFACE=y | |
503 | ||
586a3b37 JB |
504 | # Disable roaming in wpa_supplicant |
505 | #CONFIG_NO_ROAMING=y | |
506 | ||
de1f0e4e JB |
507 | # AP mode operations with wpa_supplicant |
508 | # This can be used for controlling AP mode operations with wpa_supplicant. It | |
509 | # should be noted that this is mainly aimed at simple cases like | |
510 | # WPA2-Personal while more complex configurations like WPA2-Enterprise with an | |
511 | # external RADIUS server can be supported with hostapd. | |
512 | CONFIG_AP=y | |
513 | ||
514 | # P2P (Wi-Fi Direct) | |
515 | # This can be used to enable P2P support in wpa_supplicant. See README-P2P for | |
516 | # more information on P2P operations. | |
517 | CONFIG_P2P=y | |
518 | ||
586a3b37 JB |
519 | # Enable TDLS support |
520 | #CONFIG_TDLS=y | |
521 | ||
d8a4d054 AM |
522 | # Wi-Fi Display |
523 | # This can be used to enable Wi-Fi Display extensions for P2P using an external | |
586a3b37 | 524 | # program to control the additional information exchanges in the messages. |
d8a4d054 | 525 | CONFIG_WIFI_DISPLAY=y |
586a3b37 | 526 | |
de1f0e4e JB |
527 | # Autoscan |
528 | # This can be used to enable automatic scan support in wpa_supplicant. | |
529 | # See wpa_supplicant.conf for more information on autoscan usage. | |
bd214586 | 530 | # |
de1f0e4e JB |
531 | # Enabling directly a module will enable autoscan support. |
532 | # For exponential module: | |
533 | CONFIG_AUTOSCAN_EXPONENTIAL=y | |
534 | # For periodic module: | |
535 | CONFIG_AUTOSCAN_PERIODIC=y | |
536 | ||
537 | # Password (and passphrase, etc.) backend for external storage | |
538 | # These optional mechanisms can be used to add support for storing passwords | |
539 | # and other secrets in external (to wpa_supplicant) location. This allows, for | |
540 | # example, operating system specific key storage to be used | |
541 | # | |
542 | # External password backend for testing purposes (developer use) | |
543 | #CONFIG_EXT_PASSWORD_TEST=y | |
544 | ||
586a3b37 JB |
545 | # Enable Fast Session Transfer (FST) |
546 | #CONFIG_FST=y | |
547 | ||
548 | # Enable CLI commands for FST testing | |
549 | #CONFIG_FST_TEST=y | |
550 | ||
551 | # OS X builds. This is only for building eapol_test. | |
552 | #CONFIG_OSX=y | |
d8a4d054 AM |
553 | |
554 | # Automatic Channel Selection | |
555 | # This will allow wpa_supplicant to pick the channel automatically when channel | |
556 | # is set to "0". | |
557 | # | |
558 | # TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative | |
559 | # to "channel=0". This would enable us to eventually add other ACS algorithms in | |
560 | # similar way. | |
561 | # | |
562 | # Automatic selection is currently only done through initialization, later on | |
563 | # we hope to do background checks to keep us moving to more ideal channels as | |
564 | # time goes by. ACS is currently only supported through the nl80211 driver and | |
565 | # your driver must have survey dump capability that is filled by the driver | |
566 | # during scanning. | |
567 | # | |
568 | # TODO: In analogy to hostapd be able to customize the ACS survey algorithm with | |
569 | # a newly to create wpa_supplicant.conf variable acs_num_scans. | |
570 | # | |
571 | # Supported ACS drivers: | |
572 | # * ath9k | |
573 | # * ath5k | |
574 | # * ath10k | |
575 | # | |
576 | # For more details refer to: | |
577 | # http://wireless.kernel.org/en/users/Documentation/acs | |
578 | #CONFIG_ACS=y | |
579 | ||
580 | # Support Multi Band Operation | |
581 | #CONFIG_MBO=y | |
582 | ||
583 | # Fast Initial Link Setup (FILS) (IEEE 802.11ai) | |
584 | #CONFIG_FILS=y | |
585 | # FILS shared key authentication with PFS | |
586 | #CONFIG_FILS_SK_PFS=y | |
587 | ||
588 | # Support RSN on IBSS networks | |
589 | # This is needed to be able to use mode=1 network profile with proto=RSN and | |
590 | # key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). | |
591 | CONFIG_IBSS_RSN=y | |
592 | ||
593 | # External PMKSA cache control | |
594 | # This can be used to enable control interface commands that allow the current | |
595 | # PMKSA cache entries to be fetched and new entries to be added. | |
596 | #CONFIG_PMKSA_CACHE_EXTERNAL=y | |
597 | ||
598 | # Mesh Networking (IEEE 802.11s) | |
599 | CONFIG_MESH=y | |
600 | ||
601 | # Background scanning modules | |
602 | # These can be used to request wpa_supplicant to perform background scanning | |
603 | # operations for roaming within an ESS (same SSID). See the bgscan parameter in | |
604 | # the wpa_supplicant.conf file for more details. | |
605 | # Periodic background scans based on signal strength | |
606 | CONFIG_BGSCAN_SIMPLE=y | |
607 | # Learn channels used by the network and try to avoid bgscans on other | |
608 | # channels (experimental) | |
609 | #CONFIG_BGSCAN_LEARN=y | |
610 | ||
611 | # Opportunistic Wireless Encryption (OWE) | |
612 | # Experimental implementation of draft-harkins-owe-07.txt | |
613 | CONFIG_OWE=y | |
614 | ||
615 | # Device Provisioning Protocol (DPP) | |
616 | # This requires CONFIG_IEEE80211W=y to be enabled, too. (see | |
617 | # wpa_supplicant/README-DPP for details) | |
618 | CONFIG_DPP=y |