Software stack

This section details the partitioning of the TCP/IP networking stack and the IEEE 802.11 Wi-Fi® stack across the host Microcontroller Unit (MCU) and nRF7002.

This description is based on Zephyr™ TCP/IP networking stack and an nRF5340 host MCU. However, the partitioning applies equally to other operating systems and host MCUs supporting a compatible Serial Peripheral Interface (SPI)/Quad Serial Peripheral Interface (QSPI).

Figure 1. Network stack architecture
Network stack architecture

The TCP/IP networking stack and Wi-Fi driver execute on the host MCU (for example, nRF5340) and communicate with the MAC layer on nRF7002 through SPI/QSPI. The Wi-Fi driver presents control and data interfaces (Control IF/Data IF) to the TCP/IP networking stack.

Control IF

The Control IF interfaces with the Network Management API (net_mgmt). The Control IF implements functionality like scanning, connecting to a Service Set Identifier (SSID), or setting the encryption key.

Data IF

The Data IF interfaces with the L2 Network Technologies layer of the TCP/IP networking stack. The Wi-Fi driver presents the nRF7002 as an Ethernet device to the data path of the TCP/IP networking stack. In the TX path, it receives Ethernet frames from the upper layers and in the RX path sends Ethernet frames to it. The Wi-Fi driver takes care of converting Wi-Fi frames to Ethernet frames in the RX path.


The supplicant is implemented as part of the Wi-Fi driver and provides the following functionality:

802.11 authentication and association
The supplicant requests the driver to scan neighbouring Basic Service Set (BSS)s and then requests the driver to associate with a chosen BSS. 802.11 authentication is the first step in network attachment. 802.11 authentication requires a Station (STA) to establish its identity with an Access Point (AP). No data encryption or security is available at this stage.
Wi-Fi Protected Access®(WPA™) authentication
The supplicant implements the authentication services and port control described in the IEEE802.1X standard. The initial authentication process is carried out using either of the following:

This process ensures that the client station (STA) is authenticated with the AP. This also results in the generation of a shared Pairwise Master Key (PMK) at both the STA and AP.

4-way handshake
The 4-way handshake is designed such that the STA and AP can prove to each other their knowledge of the PMK without actually disclosing the key. The 4-way handshake generates the following:
When connected to a wireless network with multiple access points, the supplicant is typically responsible for implementing the roaming between access points. The supplicant detects a closer access point (Basic Service Set Identifier (BSSID)) in the current network (SSID), in terms of signal strength (Received Signal Strength Indication (RSSI)), it will reassociate to the closer access point.
Software Enabled Access Point (SoftAP)
SoftAP enables a device to turn its wireless interface into a Wi-Fi access point. In SoftAP mode, the supplicant takes care of station onboarding and management. SoftAP support is limited to PSK (WPA Personal) security.
Peer-to-peer (P2P)
The supplicant implements the higher layer functionality for managing P2P groups and takes care of the following:
  • Device Discovery
  • Service Discovery
  • Group Owner Negotiation
  • P2P Invitation.

In addition, it maintains information about neighbouring P2P Devices.