Rekeying Issue - "driver can't safely do that."

I'm getting the following prints every hour; I suppose it's related to 802.11r being enabled without(?) 802.11w.

Rekeying PTK for STA 5c:f8:a1:XX:XX:XX but driver can't safely do that.

I found this old bug report https://svn.dd-wrt.com/ticket/6655 which points to https://github.com/openwrt/mt76/issues/278 which mentions that it's not a driver-related problem. I can confirm that it's happening on ath10k-ct / ath9k and I'm not sure what the cause is.

It's not only one client; it's all devices in the wireless network.

Any pointers are appreciated.

This seems to be because the wifi drivers are not supporting the NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 flag https://github.com/torvalds/linux/blob/master/net/mac80211/key.c#L281

Which itself seems to be a security feature flag for getting the key out of memory. I don't quite understand how this was critical enough to warrant a warning for every rekey, but that seems to be the case right now.

Maybe the driver developers (ath10k/ct, ath9k, etc.) can implement this flag, if possible, to get rid of the warning and the security issue.
(small explanation on the issue: https://www.mail-archive.com/linux-wireless@vger.kernel.org/msg60429.html)

Summary: this warning is completely harmless from a user POV (besides the theoretical security risk).

1 Like

The linux-wireless mailing list would be a good place to report your findings and make the suggestion.

1 Like
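
A way to check the two observations in this thread (the warning recurs about hourly and affects every client) against a kernel log, as an added example that is not part of any post. The sample log lines, MAC addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Per-station summary of mac80211 "Rekeying PTK ... can't safely do that" warnings.
# Reads kernel log lines carrying the "[seconds.micro]" uptime stamp on stdin.

summarise_rekey_warnings() {
    awk '
    /Rekeying PTK for STA/ && /driver can.t safely do that/ {
        i = index($0, "["); j = index($0, "]")
        if (i == 0 || j <= i) next              # no uptime stamp: skip the line
        ts = substr($0, i + 1, j - i - 1) + 0   # seconds since boot
        mac = ""
        for (k = 1; k < NF; k++) if ($k == "STA") mac = $(k + 1)
        if (mac == "") next
        if (mac in last) { sum[mac] += ts - last[mac]; gaps[mac]++ }
        last[mac] = ts
        count[mac]++
    }
    END {
        for (mac in count) {
            avg = (gaps[mac] > 0) ? int(sum[mac] / gaps[mac] + 0.5) : 0
            printf "%s warnings=%d avg_interval_s=%d\n", mac, count[mac], avg
        }
    }' | sort
}

# Constructed sample log (MAC addresses and timestamps are made up).
sample_log() {
    cat <<'EOF'
[ 3612.104233] Rekeying PTK for STA 02:00:00:aa:00:01 but driver can't safely do that.
[ 3640.550871] Rekeying PTK for STA 02:00:00:aa:00:02 but driver can't safely do that.
[ 5001.000000] br-lan: port 2(wlan0) entered forwarding state
[ 7212.110020] Rekeying PTK for STA 02:00:00:aa:00:01 but driver can't safely do that.
[ 7240.548990] Rekeying PTK for STA 02:00:00:aa:00:02 but driver can't safely do that.
[10812.099871] Rekeying PTK for STA 02:00:00:aa:00:01 but driver can't safely do that.
EOF
}

sample_log | summarise_rekey_warnings
```

On a router, feed it live data with `dmesg | summarise_rekey_warnings`; the counts depend on how much of the log the kernel ring buffer still holds.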