swtpm_setup: Allow to create largest possible EK

By passing 'max' to --rsa-keysize allow to create the larges possible key. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · May 1, 2020 · 039bb4e · 039bb4e
1 parent a1cb3dc
commit 039bb4e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/man/man8/swtpm_setup.8 b/man/man8/swtpm_setup.8
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "swtpm_setup 8"
-.TH swtpm_setup 8 "2020-04-28" "swtpm" ""
+.TH swtpm_setup 8 "2020-04-30" "swtpm" ""
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -282,7 +282,8 @@ This option is only useful with \s-1TPM 1.2\s0 and in if ownership is taken.
 This option allows to pass the size of a \s-1TPM 2 RSA EK\s0 key, such as 2048
 or 3072. The supported keysizes for a \s-1TPM 2\s0 can be queried for using
 the \fI\-\-print\-capabilities\fR option. The default size is 2048 bits for
-both \s-1TPM 1.2\s0 and \s-1TPM 2.\s0
+both \s-1TPM 1.2\s0 and \s-1TPM 2.\s0 If 'max' is passed, the largest possible key
+size is used.
 .IP "\fB\-\-print\-capabilities\fR (since v0.2)" 4
 .IX Item "--print-capabilities (since v0.2)"
 Print capabilities that were added to swtpm_setup after version 0.1. To get

diff --git a/man/man8/swtpm_setup.pod b/man/man8/swtpm_setup.pod
@@ -178,7 +178,8 @@ This option is only useful with TPM 1.2 and in if ownership is taken.
 This option allows to pass the size of a TPM 2 RSA EK key, such as 2048
 or 3072. The supported keysizes for a TPM 2 can be queried for using
 the I<--print-capabilities> option. The default size is 2048 bits for
-both TPM 1.2 and TPM 2.
+both TPM 1.2 and TPM 2. If 'max' is passed, the largest possible key
+size is used.
 
 =item B<--print-capabilities> (since v0.2)
 

diff --git a/src/swtpm_setup/swtpm_setup.sh.in b/src/swtpm_setup/swtpm_setup.sh.in
@@ -2467,6 +2467,14 @@ main()
 		fi
 	fi
 
+	# Determine maximum possible RSA keysize that we will then use
+	if [ "$rsa_keysize" = "max" ]; then
+		rsa_keysize=$(get_rsa_keysizes "$flags" | sed '$!d')
+		if [ -z "$rsa_keysize" ]; then
+			rsa_keysize=2048
+		fi
+	fi
+
 	case "${rsa_keysize}" in
 	2048)	;;
 	3072)	tmp="$(get_rsakeysize_caps "$flags")"