Follow the steps below to install and setup the tools necessary for developing and running Bearclave applications.
Note that these steps, and the Bearclave SDK, have only been tested on Ubuntu 24.04.3 LTS
Bearclave provides a No TEE mode that allows you to build and run TEE applications on your local machine. Meaning you can develop, test, and debug your applications without needing to have access to a TEE platform. While this is not a true one-to-one replacement, it can be useful for speeding up development cycles and reducing cloud costs.
- Install Golang (v1.24.3 or higher) to build and run Bearclave applications.
- Install Process Compose (v1.78.0 or higher) to orchestrate and run applications in "No TEE" mode.
You now have the minimum set of tools required to build and run Bearclave applications locally. Try them out with one of the examples in our examples repository. If you wish to run applications on genuine TEE platforms, continue on to the AWS or GCP setup guides below.
Amazon Web Services (AWS) has its own proprietary TEE platform known as AWS Nitro Enclaves. Follow the steps below to set up the necessary tools and infrastructure to develop Bearclave applications on AWS Nitro Enclaves.
- Create an AWS Account. Note that this is your "root" account and should only be used to configure Billing and IAM roles.
- Install and configure the AWS CLI v2. The Makefile targets in the Bearclave Examples repository assume that the AWS CLI is installed and configured to use a role with sufficient permissions to manage EC2 instances (see the Makefiles for details).
- Install the Terraform CLI version 1.14.3 or higher.
- Clone the Bearclave TF repository.
- Use the
aws-nitro-enclaves/module to create an AWS Nitro Enclaves enabled EC2 instance with the necessary dependencies to run Bearclave applications.git clone https://github.com/tahardi/bearclave-tf.git cd bearclave-tf/modules/aws-nitro-enclaves/ terraform init terraform plan terraform apply - Follow the steps in the Bearclave Examples repository to build and run an example application on the newly provisioned instance.
Google Cloud Platform (GCP) provides compute instances that support the AMD SEV-SNP and Intel TDX TEE platforms. Follow the steps below to set up the necessary tools and infrastructure to develop Bearclave applications on AMD SEV-SNP and Intel TDX.
- Create a Google Account. If you use GMail, Drive, or any other similar Google service, then you already have an account; feel free to use that account. At the time of this writing, Google offers $300 in free credits to new users.
- Install and configure the GCP CLI. The Makefile targets in the Bearclave Examples repository assume that the GCP CLI is installed and configured to use a role with sufficient permissions to manage Compute VMs and the Artifact Registry (see the Makefiles for details).
- Install Docker Engine to containerize and deploy Bearclave applications.
- Create an image repository in the Artifact Registry and authorize docker to
push images to it. Note that some of these values may be out-of-date. Check the
Bearclave Examples repository
to see what values are used in the Makefile for pushing images.
gcloud artifacts repositories create bearclave \ --repository-format=docker \ --location=us-east1 \ --description="Docker repository for bearclave images" \ --project=bearclave gcloud auth configure-docker us-east1-docker.pkg.dev - Install the Terraform CLI version 1.14.3 or higher.
- Clone the Bearclave TF repository.
- Use the
gcp-sev-snp/andgcp-tdx/modules to create AMD SEV-SNP and Intel TDX enabled compute instances with the necessary dependencies to run Bearclave applications.git clone https://github.com/tahardi/bearclave-tf.git cd bearclave-tf/modules/gcp-sev-snp/ terraform init terraform plan terraform apply cd ../gcp-tdx/ terraform init terraform plan terraform apply
- Follow the steps in the Bearclave Examples repository to build and run an example application on the newly provisioned instances.