Basically, assuming you're running 21.02 or master and configuring from luci, you just need to turn 802.11r on and disable 'Generate PMK locally'. Leave the r0kh and r1kh empty.
OpenWrt will generate a key for you. Test it with just that to see if it works. The caveat is that it will only use the mobility domain to do so, meaning it will only generate 65536 possible keys, vs 3.403E+38 if you set your own. If you don't set your own mobility domain, then anyone can use the same recipe to compute the key from your SSID, which is not good. I have sent a patch to append the PSK, which should be safe, but it has not been accepted yet.
Then a recommended next step is to setup your own 128-bit key to use for r0kh and r1kh. Running this will generate a random one for you:
dd if=/dev/random bs=16 count=1 2>/dev/null | md5sum | awk '{print $1}'
05ad9451dcaa84f746311694186c29e7
Using 05ad9451dcaa84f746311694186c29e7 as an example, then set:
- r0kh to:
ff:ff:ff:ff:ff:ff * 05ad9451dcaa84f746311694186c29e7 - r1kh to:
00:00:00:00:00:00 00:00:00:00:00:00 05ad9451dcaa84f746311694186c29e7
This exact setup--the key has to be the same--should be used across all your wireless interfaces in all APs doing 802.11r for the same SSID (technically, it's the same mobility domain).