I understand encryption in mediums outside digital stuff like letters or Morse code, but how does a computer OS work when its code is scrambled, and how is the key stored and used to verify the encryption passphrase without someone plucking it out and using it?

Encrypted letters don’t have to carry the key or verify it.

  • mkwt@lemmy.world
    30 days ago

    A bunch of answers but nothing talking about modern consumer devices.

    • The OS code on a computer is stored on a “drive”, usually flash memory, but it has to be loaded into RAM to actually run.
    • The OS code is usually not encrypted when it’s in RAM. Processors don’t decrypt the code directly on the fly.
    • It is relatively common nowadays for the stuff on the drives to be fully encrypted. This can include the OS, or the OS code can be on a separate partition that’s not encrypted.
    • For all the major operating systems, there’s not a lot of value in keeping the binary code secret, because they all leak out eventually, anyway.
    • If it’s encrypted, the OS code has to be decrypted when it is loaded off the drive into RAM. This is done by a separate “firmware” software during boot.
    • The keys needed for boot up cryptography are usually stored in dedicated chips that ship with modern computers. These are called things like TPM or “secure enclave”.
    • The chips are hardened against physical attacks that could reveal the keys.
    • Usually the passphrase is part of an encryption key that encrypts the real encryption key that encrypts the whole disk. Wrong passphrase means the computer is incapable of decrypting the real key.