1. Technical Field
The present invention relates to encryption and decryption methods, and particularly to an operating system kernel encryption and decryption method.
2. Related Art
At present, booting a computer by a booting program and verifying a booting process by an operating system kernel are conducted separately. Namely, a booting process has to be finished by performing the separate verification processes for the booting program and the operating system kernel.
In the verification process for the booting program, a computed digest is stored in an OTP area, and each time the computer is booted the digest in the OTP area is selected, computed and compared to verify whether the booting program is correct.
On the other hand, in the verification process for the operating system kernel, a signature, a certificate and a root public key have to be pre-stored in a main area. In addition, a private key held privately by the operating system kernel is used to conduct a digital signature process for one-by-one verification actions.
In the verification processes for the booting program and the operating system kernel, the certificate and the signature both have to be compared to verify correctness and completeness. However, if the digest, signature, certificate, and root public key are counterfeited, which is supposed to be easier than resolving the booting program and the operating system kernel, the verification processes for the booting program and the operating system kernel may still be passed, leading to a risk that the operating system kernel is falsified or replaced.
In view of the above, there has long been an issue in that the currently available booting program and operating system kernel have to be verified separately, and the verification computation result has to be pre-stored in the OTP area and compared. This requires several rounds of verification and a huge amount of additional storage space, and makes the process complex, quite time consuming and unsafe. Therefore, there is a need for an improvement to solve this problem.