From 7dc24c2f8cea9e4bd204307b9bc704bd359c4a22 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Wed, 29 Apr 2020 15:14:36 -0400
Subject: [PATCH] swtpm_setup: Allow to create largest possible EK
By passing '--rsa-keysize max' allow to create the largest possible RSA EK key.
Signed-off-by: Stefan Berger
---
 man/man8/swtpm_setup.8 | 3 ++-
 man/man8/swtpm_setup.pod | 3 ++-
 src/swtpm_setup/swtpm_setup.sh.in | 8 ++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/man/man8/swtpm_setup.8 b/man/man8/swtpm_setup.8
index cb891b2..ca797c8 100644
--- a/man/man8/swtpm_setup.8
+++ b/man/man8/swtpm_setup.8
@@ -282,7 +282,8 @@ This option is only useful with \s-1TPM 1.2\s0 and in if ownership is taken.
 This option allows to pass the size of a \s-1TPM 2 RSA EK\s0 key, such as 2048
 or 3072. The supported keysizes for a \s-1TPM 2\s0 can be queried for using the
 \fI\-\-print\-capabilities\fR option. The default size is 2048 bits for
-both \s-1TPM 1.2\s0 and \s-1TPM 2.\s0
+both \s-1TPM 1.2\s0 and \s-1TPM 2.\s0 If 'max' is passed, the largest possible key
+size is used.
 .IP "\fB\-\-print\-capabilities\fR (since v0.2)" 4
 .IX Item "--print-capabilities (since v0.2)"
 Print capabilities that were added to swtpm_setup after version 0.1.
diff --git a/man/man8/swtpm_setup.pod b/man/man8/swtpm_setup.pod
index b5a954d..30ca288 100644
--- a/man/man8/swtpm_setup.pod
+++ b/man/man8/swtpm_setup.pod
@@ -178,7 +178,8 @@ This option is only useful with TPM 1.2 and in if ownership is taken.
 This option allows to pass the size of a TPM 2 RSA EK key, such as 2048
 or 3072. The supported keysizes for a TPM 2 can be queried for using the
 I<--print-capabilities> option. The default size is 2048 bits for
-both TPM 1.2 and TPM 2.
+both TPM 1.2 and TPM 2. If 'max' is passed, the largest possible key
+size is used.
 =item B<--print-capabilities> (since v0.2)
diff --git a/src/swtpm_setup/swtpm_setup.sh.in b/src/swtpm_setup/swtpm_setup.sh.in
index ced991a..d8d62d0 100755
--- a/src/swtpm_setup/swtpm_setup.sh.in
+++ b/src/swtpm_setup/swtpm_setup.sh.in
@@ -2472,6 +2472,14 @@ main()
 fi
 fi
+ # Determine maximum possible RSA keysize that we will then use
+ if [ "$rsa_keysize" = "max" ]; then
+ rsa_keysize=$(get_rsa_keysizes "$flags" | sed '$!d')
+ if [ -z "$rsa_keysize" ]; then
+ rsa_keysize=2048
+ fi
+ fi
+
 case "${rsa_keysize}" in
 2048) ;;
 3072) tmp="$(get_rsakeysize_caps "$flags")"
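Review bot: `sed '$!d'` on the `get_rsa_keysizes` output makes "max" depend on that helper printing one size per line in ascending order, which nothing in the hunk guarantees; `rsa_keysize=$(get_rsa_keysizes "$flags" | sort -n | tail -n 1)` selects the numerically largest value regardless of how the helper orders its output. The silent fallback to 2048 also covers a failing or empty helper, so a user who explicitly requested the largest EK gets a 2048-bit key with no indication; a diagnostic before `rsa_keysize=2048`, e.g. `echo "Could not determine the maximum RSA keysize; using 2048" >&2`, would make that visible. The chosen value then appears to be validated by the `case "${rsa_keysize}"` that follows, assuming it has a rejecting default arm outside the hunk, so an unexpected token from the helper should not pass through unchecked. main() begins and ends outside this hunk.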