1# Example wpa_supplicant build time configuration 2# 3# This file lists the configuration options that are used when building the 4# wpa_supplicant binary. All lines starting with # are ignored. Configuration 5# option lines must be commented out complete, if they are not to be included, 6# i.e., just setting VARIABLE=n is not disabling that variable. 7# 8# This file is included in Makefile, so variables like CFLAGS and LIBS can also 9# be modified from here. In most cases, these lines should use += in order not 10# to override previous values of the variables. 11 12 13# Uncomment following two lines and fix the paths if you have installed OpenSSL 14# or GnuTLS in non-default location 15#CFLAGS += -I/usr/local/openssl/include 16#LIBS += -L/usr/local/openssl/lib 17 18# Some Red Hat versions seem to include kerberos header files from OpenSSL, but 19# the kerberos files are not in the default include path. Following line can be 20# used to fix build issues on such systems (krb5.h not found). 21#CFLAGS += -I/usr/include/kerberos 22 23# Driver interface for generic Linux wireless extensions 24# Note: WEXT is deprecated in the current Linux kernel version and no new 25# functionality is added to it. nl80211-based interface is the new 26# replacement for WEXT and its use allows wpa_supplicant to properly control 27# the driver to improve existing functionality like roaming and to support new 28# functionality. 29#CONFIG_DRIVER_WEXT=y 30 31# Driver interface for Linux drivers using the nl80211 kernel interface 32#CONFIG_DRIVER_NL80211=y 33CONFIG_LIBNL20=y 34 35# QCA vendor extensions to nl80211 36CONFIG_DRIVER_NL80211_QCA=y 37 38# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) 39#CONFIG_DRIVER_BSD=y 40#CFLAGS += -I/usr/local/include 41#LIBS += -L/usr/local/lib 42#LIBS_p += -L/usr/local/lib 43#LIBS_c += -L/usr/local/lib 44 45# Driver interface for Windows NDIS 46#CONFIG_DRIVER_NDIS=y 47#CFLAGS += -I/usr/include/w32api/ddk 48#LIBS += -L/usr/local/lib 49# For native build using mingw 50#CONFIG_NATIVE_WINDOWS=y 51# Additional directories for cross-compilation on Linux host for mingw target 52#CFLAGS += -I/opt/mingw/mingw32/include/ddk 53#LIBS += -L/opt/mingw/mingw32/lib 54#CC=mingw32-gcc 55# By default, driver_ndis uses WinPcap for low-level operations. This can be 56# replaced with the following option which replaces WinPcap calls with NDISUIO. 57# However, this requires that WZC is disabled (net stop wzcsvc) before starting 58# wpa_supplicant. 59# CONFIG_USE_NDISUIO=y 60 61# Driver interface for wired Ethernet drivers 62#CONFIG_DRIVER_WIRED=y 63 64# Driver interface for the Broadcom RoboSwitch family 65#CONFIG_DRIVER_ROBOSWITCH=y 66 67# Driver interface for no driver (e.g., WPS ER only) 68#CONFIG_DRIVER_NONE=y 69 70# Solaris libraries 71#LIBS += -lsocket -ldlpi -lnsl 72#LIBS_c += -lsocket 73 74# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is 75# included) 76CONFIG_IEEE8021X_EAPOL=y 77 78# EAP-MD5 79CONFIG_EAP_MD5=y 80 81# EAP-MSCHAPv2 82CONFIG_EAP_MSCHAPV2=y 83 84# EAP-TLS 85CONFIG_EAP_TLS=y 86 87# EAL-PEAP 88CONFIG_EAP_PEAP=y 89 90# EAP-TTLS 91CONFIG_EAP_TTLS=y 92 93# EAP-FAST 94#CONFIG_EAP_FAST=y 95 96# EAP-GTC 97CONFIG_EAP_GTC=y 98 99# EAP-OTP 100CONFIG_EAP_OTP=y 101 102# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) 103CONFIG_EAP_SIM=y 104 105# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) 106#CONFIG_EAP_PSK=y 107 108# EAP-pwd (secure authentication using only a password) 109CONFIG_EAP_PWD=y 110 111# EAP-PAX 112#CONFIG_EAP_PAX=y 113 114# LEAP 115CONFIG_EAP_LEAP=y 116 117# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) 118CONFIG_EAP_AKA=y 119 120# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). 121# This requires CONFIG_EAP_AKA to be enabled, too. 122CONFIG_EAP_AKA_PRIME=y 123 124# Enable USIM simulator (Milenage) for EAP-AKA 125#CONFIG_USIM_SIMULATOR=y 126 127# EAP-SAKE 128#CONFIG_EAP_SAKE=y 129 130# EAP-GPSK 131#CONFIG_EAP_GPSK=y 132# Include support for optional SHA256 cipher suite in EAP-GPSK 133#CONFIG_EAP_GPSK_SHA256=y 134 135# EAP-TNC and related Trusted Network Connect support (experimental) 136#CONFIG_EAP_TNC=y 137 138# Wi-Fi Protected Setup (WPS) 139CONFIG_WPS=y 140# Enable WPS external registrar functionality 141CONFIG_WPS_ER=y 142# Disable credentials for an open network by default when acting as a WPS 143# registrar. 144#CONFIG_WPS_REG_DISABLE_OPEN=y 145# Enable WPS support with NFC config method 146CONFIG_WPS_NFC=y 147 148# EAP-IKEv2 149#CONFIG_EAP_IKEV2=y 150 151# EAP-EKE 152#CONFIG_EAP_EKE=y 153 154# PKCS#12 (PFX) support (used to read private key and certificate file from 155# a file that usually has extension .p12 or .pfx) 156CONFIG_PKCS12=y 157 158# Smartcard support (i.e., private key on a smartcard), e.g., with openssl 159# engine. 160CONFIG_SMARTCARD=y 161 162# PC/SC interface for smartcards (USIM, GSM SIM) 163# Enable this if EAP-SIM or EAP-AKA is included 164#CONFIG_PCSC=y 165 166# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) 167#CONFIG_HT_OVERRIDES=y 168 169# Support VHT overrides (disable VHT, mask MCS rates, etc.) 170#CONFIG_VHT_OVERRIDES=y 171 172# Development testing 173#CONFIG_EAPOL_TEST=y 174 175# Select control interface backend for external programs, e.g, wpa_cli: 176# unix = UNIX domain sockets (default for Linux/*BSD) 177# udp = UDP sockets using localhost (127.0.0.1) 178# udp6 = UDP IPv6 sockets using localhost (::1) 179# named_pipe = Windows Named Pipe (default for Windows) 180# udp-remote = UDP sockets with remote access (only for tests systems/purpose) 181# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) 182# y = use default (backwards compatibility) 183# If this option is commented out, control interface is not included in the 184# build. 185CONFIG_CTRL_IFACE=y 186 187# Include support for GNU Readline and History Libraries in wpa_cli. 188# When building a wpa_cli binary for distribution, please note that these 189# libraries are licensed under GPL and as such, BSD license may not apply for 190# the resulting binary. 191#CONFIG_READLINE=y 192 193# Include internal line edit mode in wpa_cli. This can be used as a replacement 194# for GNU Readline to provide limited command line editing and history support. 195CONFIG_WPA_CLI_EDIT=y 196 197# Remove debugging code that is printing out debug message to stdout. 198# This can be used to reduce the size of the wpa_supplicant considerably 199# if debugging code is not needed. The size reduction can be around 35% 200# (e.g., 90 kB). 201#CONFIG_NO_STDOUT_DEBUG=y 202 203# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save 204# 35-50 kB in code size. 205#CONFIG_NO_WPA=y 206 207# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support 208# This option can be used to reduce code size by removing support for 209# converting ASCII passphrases into PSK. If this functionality is removed, the 210# PSK can only be configured as the 64-octet hexstring (e.g., from 211# wpa_passphrase). This saves about 0.5 kB in code size. 212#CONFIG_NO_WPA_PASSPHRASE=y 213 214# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. 215# This can be used if ap_scan=1 mode is never enabled. 216#CONFIG_NO_SCAN_PROCESSING=y 217 218# Select configuration backend: 219# file = text file (e.g., wpa_supplicant.conf; note: the configuration file 220# path is given on command line, not here; this option is just used to 221# select the backend that allows configuration files to be used) 222# winreg = Windows registry (see win_example.reg for an example) 223CONFIG_BACKEND=file 224 225# Remove configuration write functionality (i.e., to allow the configuration 226# file to be updated based on runtime configuration changes). The runtime 227# configuration can still be changed, the changes are just not going to be 228# persistent over restarts. This option can be used to reduce code size by 229# about 3.5 kB. 230#CONFIG_NO_CONFIG_WRITE=y 231 232# Remove support for configuration blobs to reduce code size by about 1.5 kB. 233#CONFIG_NO_CONFIG_BLOBS=y 234 235# Select program entry point implementation: 236# main = UNIX/POSIX like main() function (default) 237# main_winsvc = Windows service (read parameters from registry) 238# main_none = Very basic example (development use only) 239#CONFIG_MAIN=main 240 241# Select wrapper for operating system and C library specific functions 242# unix = UNIX/POSIX like systems (default) 243# win32 = Windows systems 244# none = Empty template 245CONFIG_OS=unix 246 247# Select event loop implementation 248# eloop = select() loop (default) 249# eloop_win = Windows events and WaitForMultipleObject() loop 250CONFIG_ELOOP=eloop 251 252# Should we use poll instead of select? Select is used by default. 253#CONFIG_ELOOP_POLL=y 254 255# Should we use epoll instead of select? Select is used by default. 256#CONFIG_ELOOP_EPOLL=y 257 258# Should we use kqueue instead of select? Select is used by default. 259#CONFIG_ELOOP_KQUEUE=y 260 261# Select layer 2 packet implementation 262# linux = Linux packet socket (default) 263# pcap = libpcap/libdnet/WinPcap 264# freebsd = FreeBSD libpcap 265# winpcap = WinPcap with receive thread 266# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) 267# none = Empty template 268CONFIG_L2_PACKET=linux 269 270# Disable Linux packet socket workaround applicable for station interface 271# in a bridge for EAPOL frames. This should be uncommented only if the kernel 272# is known to not have the regression issue in packet socket behavior with 273# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). 274#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y 275 276# Support Operating Channel Validation 277#CONFIG_OCV=y 278 279# Select TLS implementation 280# openssl = OpenSSL (default) 281# gnutls = GnuTLS 282# internal = Internal TLSv1 implementation (experimental) 283# none = Empty template 284#CONFIG_TLS=openssl 285 286# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) 287# can be enabled to get a stronger construction of messages when block ciphers 288# are used. It should be noted that some existing TLS v1.0 -based 289# implementation may not be compatible with TLS v1.1 message (ClientHello is 290# sent prior to negotiating which version will be used) 291#CONFIG_TLSV11=y 292 293# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) 294# can be enabled to enable use of stronger crypto algorithms. It should be 295# noted that some existing TLS v1.0 -based implementation may not be compatible 296# with TLS v1.2 message (ClientHello is sent prior to negotiating which version 297# will be used) 298#CONFIG_TLSV12=y 299 300# Select which ciphers to use by default with OpenSSL if the user does not 301# specify them. 302#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" 303 304# If CONFIG_TLS=internal is used, additional library and include paths are 305# needed for LibTomMath. Alternatively, an integrated, minimal version of 306# LibTomMath can be used. See beginning of libtommath.c for details on benefits 307# and drawbacks of this option. 308#CONFIG_INTERNAL_LIBTOMMATH=y 309#ifndef CONFIG_INTERNAL_LIBTOMMATH 310#LTM_PATH=/usr/src/libtommath-0.39 311#CFLAGS += -I$(LTM_PATH) 312#LIBS += -L$(LTM_PATH) 313#LIBS_p += -L$(LTM_PATH) 314#endif 315# At the cost of about 4 kB of additional binary size, the internal LibTomMath 316# can be configured to include faster routines for exptmod, sqr, and div to 317# speed up DH and RSA calculation considerably 318#CONFIG_INTERNAL_LIBTOMMATH_FAST=y 319 320# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. 321# This is only for Windows builds and requires WMI-related header files and 322# WbemUuid.Lib from Platform SDK even when building with MinGW. 323#CONFIG_NDIS_EVENTS_INTEGRATED=y 324#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" 325 326# Add support for new DBus control interface 327# (fi.w1.hostap.wpa_supplicant1) 328#CONFIG_CTRL_IFACE_DBUS_NEW=y 329 330# Add introspection support for new DBus control interface 331#CONFIG_CTRL_IFACE_DBUS_INTRO=y 332 333# Add support for Binder control interface 334# Only applicable for Android platforms. 335#CONFIG_CTRL_IFACE_BINDER=y 336 337# Add support for loading EAP methods dynamically as shared libraries. 338# When this option is enabled, each EAP method can be either included 339# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). 340# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to 341# be loaded in the beginning of the wpa_supplicant configuration file 342# (see load_dynamic_eap parameter in the example file) before being used in 343# the network blocks. 344# 345# Note that some shared parts of EAP methods are included in the main program 346# and in order to be able to use dynamic EAP methods using these parts, the 347# main program must have been build with the EAP method enabled (=y or =dyn). 348# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries 349# unless at least one of them was included in the main build to force inclusion 350# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included 351# in the main build to be able to load these methods dynamically. 352# 353# Please also note that using dynamic libraries will increase the total binary 354# size. Thus, it may not be the best option for targets that have limited 355# amount of memory/flash. 356#CONFIG_DYNAMIC_EAP_METHODS=y 357 358# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode 359CONFIG_IEEE80211R=y 360 361# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) 362#CONFIG_DEBUG_FILE=y 363 364# Send debug messages to syslog instead of stdout 365#CONFIG_DEBUG_SYSLOG=y 366# Set syslog facility for debug messages 367#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON 368 369# Add support for sending all debug messages (regardless of debug verbosity) 370# to the Linux kernel tracing facility. This helps debug the entire stack by 371# making it easy to record everything happening from the driver up into the 372# same file, e.g., using trace-cmd. 373#CONFIG_DEBUG_LINUX_TRACING=y 374 375# Add support for writing debug log to Android logcat instead of standard 376# output 377CONFIG_ANDROID_LOG=y 378 379# Enable privilege separation (see README 'Privilege separation' for details) 380#CONFIG_PRIVSEP=y 381 382# Enable mitigation against certain attacks against TKIP by delaying Michael 383# MIC error reports by a random amount of time between 0 and 60 seconds 384#CONFIG_DELAYED_MIC_ERROR_REPORT=y 385 386# Enable tracing code for developer debugging 387# This tracks use of memory allocations and other registrations and reports 388# incorrect use with a backtrace of call (or allocation) location. 389#CONFIG_WPA_TRACE=y 390# For BSD, uncomment these. 391#LIBS += -lexecinfo 392#LIBS_p += -lexecinfo 393#LIBS_c += -lexecinfo 394 395# Use libbfd to get more details for developer debugging 396# This enables use of libbfd to get more detailed symbols for the backtraces 397# generated by CONFIG_WPA_TRACE=y. 398#CONFIG_WPA_TRACE_BFD=y 399# For BSD, uncomment these. 400#LIBS += -lbfd -liberty -lz 401#LIBS_p += -lbfd -liberty -lz 402#LIBS_c += -lbfd -liberty -lz 403 404# wpa_supplicant depends on strong random number generation being available 405# from the operating system. os_get_random() function is used to fetch random 406# data when needed, e.g., for key generation. On Linux and BSD systems, this 407# works by reading /dev/urandom. It should be noted that the OS entropy pool 408# needs to be properly initialized before wpa_supplicant is started. This is 409# important especially on embedded devices that do not have a hardware random 410# number generator and may by default start up with minimal entropy available 411# for random number generation. 412# 413# As a safety net, wpa_supplicant is by default trying to internally collect 414# additional entropy for generating random data to mix in with the data fetched 415# from the OS. This by itself is not considered to be very strong, but it may 416# help in cases where the system pool is not initialized properly. However, it 417# is very strongly recommended that the system pool is initialized with enough 418# entropy either by using hardware assisted random number generator or by 419# storing state over device reboots. 420# 421# wpa_supplicant can be configured to maintain its own entropy store over 422# restarts to enhance random number generation. This is not perfect, but it is 423# much more secure than using the same sequence of random numbers after every 424# reboot. This can be enabled with -e<entropy file> command line option. The 425# specified file needs to be readable and writable by wpa_supplicant. 426# 427# If the os_get_random() is known to provide strong random data (e.g., on 428# Linux/BSD, the board in question is known to have reliable source of random 429# data from /dev/urandom), the internal wpa_supplicant random pool can be 430# disabled. This will save some in binary size and CPU use. However, this 431# should only be considered for builds that are known to be used on devices 432# that meet the requirements described above. 433 434# Wpa_supplicant's random pool is not necessary on Android. Randomness is 435# already provided by the entropymixer service which ensures sufficient 436# entropy is maintained across reboots. Commit b410eb1913 'Initialize 437# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before 438# either wpa_supplicant or hostapd are run. 439CONFIG_NO_RANDOM_POOL=y 440 441# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) 442#CONFIG_IEEE80211AC=y 443 444# Wireless Network Management (IEEE Std 802.11v-2011) 445# Note: This is experimental and not complete implementation. 446CONFIG_WNM=y 447 448# Interworking (IEEE 802.11u) 449# This can be used to enable functionality to improve interworking with 450# external networks (GAS/ANQP to learn more about the networks and network 451# selection based on available credentials). 452CONFIG_INTERWORKING=y 453 454# Hotspot 2.0 455CONFIG_HS20=y 456 457# Enable interface matching in wpa_supplicant 458#CONFIG_MATCH_IFACE=y 459 460# Disable roaming in wpa_supplicant 461CONFIG_NO_ROAMING=y 462 463# AP mode operations with wpa_supplicant 464# This can be used for controlling AP mode operations with wpa_supplicant. It 465# should be noted that this is mainly aimed at simple cases like 466# WPA2-Personal while more complex configurations like WPA2-Enterprise with an 467# external RADIUS server can be supported with hostapd. 468CONFIG_AP=y 469 470# P2P (Wi-Fi Direct) 471# This can be used to enable P2P support in wpa_supplicant. See README-P2P for 472# more information on P2P operations. 473CONFIG_P2P=y 474 475# Enable TDLS support 476CONFIG_TDLS=y 477 478# Wi-Fi Display 479# This can be used to enable Wi-Fi Display extensions for P2P using an external 480# program to control the additional information exchanges in the messages. 481CONFIG_WIFI_DISPLAY=y 482 483# Autoscan 484# This can be used to enable automatic scan support in wpa_supplicant. 485# See wpa_supplicant.conf for more information on autoscan usage. 486# 487# Enabling directly a module will enable autoscan support. 488# For exponential module: 489#CONFIG_AUTOSCAN_EXPONENTIAL=y 490# For periodic module: 491#CONFIG_AUTOSCAN_PERIODIC=y 492 493# Password (and passphrase, etc.) backend for external storage 494# These optional mechanisms can be used to add support for storing passwords 495# and other secrets in external (to wpa_supplicant) location. This allows, for 496# example, operating system specific key storage to be used 497# 498# External password backend for testing purposes (developer use) 499#CONFIG_EXT_PASSWORD_TEST=y 500 501# Enable Fast Session Transfer (FST) 502#CONFIG_FST=y 503 504# Support Multi Band Operation 505#CONFIG_MBO=y 506 507# Fast Initial Link Setup (FILS) (IEEE 802.11ai) 508#CONFIG_FILS=y 509 510# Support RSN on IBSS networks 511# This is needed to be able to use mode=1 network profile with proto=RSN and 512# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). 513#CONFIG_IBSS_RSN=y 514 515# External PMKSA cache control 516# This can be used to enable control interface commands that allow the current 517# PMKSA cache entries to be fetched and new entries to be added. 518#CONFIG_PMKSA_CACHE_EXTERNAL=y 519 520# Mesh Networking (IEEE 802.11s) 521#CONFIG_MESH=y 522 523# Background scanning modules 524# These can be used to request wpa_supplicant to perform background scanning 525# operations for roaming within an ESS (same SSID). See the bgscan parameter in 526# the wpa_supplicant.conf file for more details. 527# Periodic background scans based on signal strength 528#CONFIG_BGSCAN_SIMPLE=y 529# Learn channels used by the network and try to avoid bgscans on other 530# channels (experimental) 531#CONFIG_BGSCAN_LEARN=y 532 533# Opportunistic Wireless Encryption (OWE) 534# Experimental implementation of draft-harkins-owe-07.txt 535#CONFIG_OWE=y 536 537# Wired equivalent privacy (WEP) 538# WEP is an obsolete cryptographic data confidentiality algorithm that is not 539# considered secure. It should not be used for anything anymore. The 540# functionality needed to use WEP is available in the current wpa_supplicant 541# release under this optional build parameter. This functionality is subject to 542# be completely removed in a future release. 543CONFIG_WEP=y 544 545# Disable support for Radio Measurement (IEEE 802.11k) and supported operating 546# class indication. Removing these is not recommended since they can help the 547# AP manage the network and STA steering. 548#CONFIG_NO_RRM=y 549 550# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi 551# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management 552#CONFIG_NO_ROBUST_AV=y 553 554# Disable support for WMM admission control 555#CONFIG_NO_WMM_AC=y 556 557# Wi-Fi Aware unsynchronized service discovery (NAN USD) 558#CONFIG_NAN_USD=y 559 560include $(wildcard $(LOCAL_PATH)/android_config_*.inc) 561