Cryptographic content-based break-glass scheme for debug of trusted-execution environments in remote systems

摘要

A method includes receiving a break-glass ticket scope identifying one or more secure containers of a secure container system. The secure containers are instantiated in a non-debuggable state and execute corresponding secure execution environments for contents of the corresponding secure containers. The method also includes generating a pending break-glass ticket having the break-glass ticket scope and transmitting the pending break-glass ticket to a break-glass approver for approver. In response to receiving an approved break-glass ticket from the break-glass approver, the method includes altering an access setting of the one or more secure containers defined in the break-glass ticket scope. The altered access setting allows debugging of the respective contents of the one or more secure containers executing the corresponding secure execution environments.