Blogs on Gauthier Jolly

The trust model of vTPM in Confidential VMs

Wed, 21 Jan 2026 17:30:00 +0000

In a previous post, I explained that the direction most Confidential Computing deployments are converging toward is to reintroduce the TPM abstraction inside the Confidential VM itself. Rather than relying on a physical TPM, the goal is to expose a TPM interface from within the TEE.

This design choice is largely pragmatic. It enables a lift-and-shift model for existing operating systems and workloads that already depend on TPMs for measured boot, disk encryption, and remote attestation. At the same time, it preserves the familiar TPM security guarantees while replacing physical trust assumptions with hardware-enforced isolation.

The race toward Confidential AI inference

Sun, 18 Jan 2026 15:30:00 +0000

For almost half a decade now, I have been working on Confidential Computing at Canonical. This position has given me a front-row seat to the evolution of Confidential Computing technologies and their applications.

One of the most exciting applications is Confidential AI inference, which allows AI models to be hosted and executed in a way that can keep the user’s input data confidential, even from the service provider itself.

While Apple is announcing a partnership with Google, to base its own models on Google Gemini and while some might see this as a failure, it is worth noting that Apple Intelligence already has a meaningful legacy.

Attestable Immutable Nodes for Kubernetes

Wed, 14 Jan 2026 15:30:00 +0000

How immutable operating systems and Confidential Computing can provide a trustworthy foundation for Kubernetes worker nodes

Exposing a local web server using Cloudflare Tunnels

Tue, 16 Dec 2025 15:30:00 +0000

Make your local web server accessible from the internet using Cloudflare Tunnels

Build an AI inference server on Ubuntu

Sat, 13 Dec 2025 19:10:00 +0000

Deploy local LLM inference with Ollama and Open WebUI

Build an Ubuntu Destkop image with genesis

Tue, 18 Nov 2025 12:10:00 +0000

How to use my image build tool to easily build Desktop images

How I built an Ubuntu archive mirror using Cloudflare

Thu, 25 Sep 2025 11:30:00 +0100

A fast and modern way to create an package mirror.

Architecture of a Linux system and boot process

Sat, 26 Apr 2025 11:10:00 +0000

What makes a Linux system: Kernels, Root Filesystems, and the Boot Process

Practical Guide To Virtual Networking on Linux

Wed, 23 Apr 2025 09:10:00 +0000

How to create and manage virtual networks on you Linux host.

How to install NVIDIA drivers on Ubuntu

Wed, 12 Feb 2025 20:30:00 +0100

Stop installing the NVIDIA drivers from NVIDIA repos on Ubuntu

Build an Ubuntu Server live image with mkosi

Sun, 22 Dec 2024 12:10:00 +0000

Let's see how to use mkosi to build an Ubuntu image

Boot Linux with coreboot without bootloader

Mon, 14 Oct 2024 17:10:00 +0000

Virtual firmware can be as big as you want, so you can fit a entire kernel.

User temporary directory

Mon, 07 Aug 2023 11:10:00 +0000

A temporary directory in the user home folder

A basic CLI tool to build Ubuntu images

Fri, 09 Jun 2023 09:10:00 +0000

Build Ubuntu images from scratch with a CLI tool

FDE, Secureboot and unified kernel image

Sun, 13 Nov 2022 09:10:00 +0000

Full Disk Encryption on most Linux distro has a major security flow. Why? How to fix it?

Boot Linux without GRUB

Fri, 19 Nov 2021 11:10:00 +0000

How to take advantage of the Kernel's EFI stub to boot without any bootloader

QEMU cheatsheet

Fri, 19 Nov 2021 11:10:00 +0000

How to use QEMU and a few tricks

Firewall, Tailscale and Ubuntu

Sun, 14 Nov 2021 13:10:00 +0000

How to configure Ubuntu's Firewall to allow SSH in with Tailscale

The UNIX `who` command

Mon, 31 Aug 2020 11:40:00 +0000

Understanding where `who` gets its data