Encrypt folder on Linux that can only be decrypted on that specific OS and device

No matter what you do, you will need to store an encryption key somewhere, which will then be recoverable. If you require a license server, this could be worked around by hooking or patching the application. You can do things like this to slow down an adversary, but it won't be complete protection. If you really don't want to give out your software, use a client-server architecture with the bulk of the logic on the server side and require authentication from a paid/authorized user (although then you can't prevent the client software from being copied or modified either, but that's usually an accepted risk).


Suppose I want to give a computer to someone that runs an application. I want to avoid that the program can be copied to another computer or be tampered with.

There are commercially available tools that will do this for you. As you have suspected, there is no bulletproof solution that cannot be broken by a dedicated adversary. But, in practice, there are commercially available obfuscators that may be "good enough" for your purposes.

The commercially available tools can also tie the software to a given hardware by taking a "fingerprint" of the hardware. Again, this is probably spoofable with enough work, but could be "good enough" for your purposes.

One example of a commercially available tool is the ".NET Reactor," (https://www.eziriz.com/dotnet_reactor.htm) which is for use with Windows .NET software. It can obfuscate the software to frustrate reverse engineering and it can tie the software to specific hardware using a hardware fingerprinting method.


One strategy I've seen, which is not foolproof, is to read in unique hardware IDs and use them as a key to decrypt the software; if it's moved to another machine, it wouldn't decrypt.

The only problem with this is that most of those values can be overwritten, and if the attacker knows what hardware these values are being derived from, they can reproduce them to effectively 'unlock'/decrypt the software.

Additionally, you have a problem if any of that hardware fails and gets replaced: you now have to cut new software, encrypted with the new combination of hardware IDs for the replaced/new hardware.
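
The hardware-ID binding described in the last answer, as an added example that is not part of any answer above. The identifier names and values, the salt, and the key-check label are constructed assumptions; on a real Linux host the IDs might come from `/etc/machine-id` or `/sys/class/dmi/id/`. It shows the key derivation and both limits the answer names: a replaced component locks the owner out, and anyone who supplies the same ID values gets the same key.

```python
import hashlib
import hmac

# Constructed sample identifiers (assumption: not values from the page).
ORIGINAL_HOST = {
    "machine_id": "3f2b8c1d9e4a4f6b8a7c5d2e1f0a9b8c",
    "board_serial": "CONSTRUCTED-BOARD-0001",
    "disk_serial": "CONSTRUCTED-DISK-0001",
}
SALT = b"constructed-salt"  # stored in the clear next to the encrypted data


def derive_key(ids: dict, salt: bytes) -> bytes:
    """Derive a 32-byte key from hardware IDs.

    Fields are sorted by name and length-prefixed so that the same set of IDs
    always yields the same key and field boundaries cannot be shifted.
    """
    material = b"".join(
        len(part).to_bytes(2, "big") + part
        for name, value in sorted(ids.items())
        for part in (name.encode(), value.encode())
    )
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


def key_check_value(key: bytes) -> bytes:
    """Tag stored beside the ciphertext so a wrong key is detected up front."""
    return hmac.new(key, b"key-check-v1", hashlib.sha256).digest()


def unlocks(ids: dict, salt: bytes, stored_kcv: bytes) -> bool:
    """True if the key derived from these IDs matches the stored check value."""
    candidate = key_check_value(derive_key(ids, salt))
    return hmac.compare_digest(candidate, stored_kcv)


# Computed once at provisioning time on the original machine.
STORED_KCV = key_check_value(derive_key(ORIGINAL_HOST, SALT))


def demo() -> dict:
    replaced_disk = dict(ORIGINAL_HOST, disk_serial="CONSTRUCTED-DISK-0002")
    copied_ids = dict(ORIGINAL_HOST)  # same values supplied from elsewhere
    return {
        "original": unlocks(ORIGINAL_HOST, SALT, STORED_KCV),
        "replaced_disk": unlocks(replaced_disk, SALT, STORED_KCV),
        "copied_ids": unlocks(copied_ids, SALT, STORED_KCV),
    }
```

The `copied_ids` case succeeding is the point of the second paragraph of that answer: hardware IDs are identifiers, not secrets, so the binding only raises the effort required.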