Encryption and decryption methods applied on operating system

摘要

An encryption and decryption methods applied on an operating system kernel are disclosed, where a hash result is obtained from a computation between a booting program and the operating system kernel by using a definition table, the computation result is combined with the operating system kernel for encryption of the operating system kernel, and the operating system kernel may not be decrypted and thus booted whenever the booting program, the operating system kernel or the two combined are falsified or replaced, whereby the technical efficacy which the booting program and the operating system kernel are authenticated bilaterally for safety booting may be achieved.

主权项

1. An encryption method applied on an operating system kernel, being suitable for use on a device having a booting program and the operating system kernel stored therein, comprising steps of:
pre-establishing a definition table in the booting program, the definition table having codes stored therein; selecting randomly a plurality of codes from the definition table by the booting program and recording the plurality of codes having been selected by the booting program when the booting program is executed at a first time; looking for at least one booting bit value set each having a plurality of booting bit values from the booting program in a storage space by the booting program according to the selected plurality of codes, and looking for at least one kernel bit value set each having a plurality of kernel bit value from the operating system kernel in the storage space by the booting program and a position of each of the plurality of kernel bit values in the kernel bit value set corresponding thereto, the booting bit value sets corresponding sequence to the kernel bit value sets; computing a reversible hash function to each of the booting bit value set and one of the kernel bit value set corresponding thereto by the booting program, to obtain a hash value corresponding thereto, respectively; and replacing each of the plurality of kernel bit values of the kernel bit value set at the position of each of the plurality of kernel bit values of the kernel bit value set with the hash value corresponding thereto by the booting program, respectively, and saving the kernel bit value set with the hash value replaced as the operating system kernel, to encrypt the operating system kernel, the encrypted operating system kernel being not executable.