Canonical's campaign to eradicate memory vulnerabilities adds a new and ambitious goal. Jon Seager, vice president of engineering and technical lead for Ubuntu, has announced that ntpd-rs, a time synchronization server and client written entirely in Rust, will become the default in the operating system.
This strategic move marks the third major replacement of system utilities with memory-safe code (following in the footsteps of Rust Coreutils and sudo-rs). Canonical's ultimate goal is not only to replace the current chrony manager, but also to absorb the capabilities of the Precision Time Protocol (PTP) through the Statime project, thus unifying the NTP, NTS, and PTP protocols into a single modern, secure, and easy-to-configure utility.
The timeline for the transition to ntpd-rs
Canonical states that the implementation of this change will be gradual to ensure stability in enterprise environments, while it actively funds the Trifecta Tech Foundation (the creators of ntpd-rs and sudo-rs) to achieve feature parity and improve security isolation. The implementation timeline is as follows:
- Autumn 2026 (Ubuntu 26.10): The ntpd-rs package will make its official debut in the Ubuntu repositories. During this cycle, it will be offered as an optional alternative for system administrators and developers to begin integration testing.
- Spring 2027 (Ubuntu 27.04): If performance and security metrics are satisfactory, ntpd-rs will become the system's default unified client and server. By then, it should have the Statime project integrated, permanently replacing the veteran chrony, linuxptp, and potentially gpsd packages.
Unification of protocols: NTP, NTS and PTP
Time synchronization is the invisible pillar of modern cryptography (such as TLS certificate validation). Until now, Linux systems relied on fragmented tools to handle varying levels of accuracy and security. Canonical's vision with ntpd-rs is to unify them:
- NTP (Network Time Protocol): The standard protocol for synchronizing the system's general time over the internet.
- NTS (Network Time Security): The cryptographic layer that prevents the falsification or interception of time data (similar to what HTTPS is to HTTP).
- PTP (Precision Time Protocol): Reserved for networks requiring submicrosecond synchronization (telecommunications, power grids, automotive). Integrating Statime capabilities into ntpd-rs will eliminate the need for the complex manual configuration currently required by linuxptp.
To achieve this unification, new features will be implemented before the final deployment. These include support for the gpsd IP socket, multithreaded and multihomed NTP server operation (multiple network interfaces), and the adoption of the gPTP and CSPTP protocols (IEEE 1588.1), crucial for the Automotive profile.
Proven security and reduced attack surface
The choice of ntpd-rs is not a blind experiment, as the utility has demonstrated its resilience on an industrial scale by being adopted by the critical infrastructure of the Let's Encrypt certificate authority in mid-2024. Because it is written in Rust, it is inherently immune to the classic buffer overflows that have historically plagued C/C++ tools. To further protect it in Ubuntu, strict AppArmor and seccomp profiles are being developed, ensuring that memory safety does not compromise system privilege limits.
This focus on extreme security extends to other areas of the system. Julian Andres Klode, head of the APT project at Canonical, has announced parallel plans to drastically reduce the attack surface of the GRUB bootloader in Ubuntu 26.10.
To avoid recurring vulnerabilities, the digitally signed GRUB builds will lose compatibility with formats that are unnecessary during boot. This includes JPEG/PNG images, the part_apple partition table, and the BTRFS, XFS, and ZFS file systems (exclusively for the /boot partition, which always uses ext4 by default in Ubuntu). Additionally, support for LUKS, LVM, and md-raid (except raid1) in /boot will be removed, prioritizing integrity verification using TPM-backed FDE encryption, rather than relying on data obfuscation.
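A check an administrator could run ahead of the upgrade, as an added example that is not Canonical's tooling: it flags a /boot layout that uses one of the file systems or storage layers listed above. The function name `check_boot_stack`, the finding labels, and the `findmnt`/`lsblk` invocation shown in the comments are assumptions of this example; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example. Flags /boot layouts that, per the article, signed GRUB
# builds in Ubuntu 26.10 will no longer be able to read.
#
# Assumed way to gather the inputs on a host with a separate /boot mount:
#   fs=$(findmnt -n -o FSTYPE /boot)
#   lsblk -s -n -o TYPE "$(findmnt -n -o SOURCE /boot)" | check_boot_stack "$fs"

check_boot_stack() {
    # $1     file system type of /boot
    # stdin  one lsblk TYPE value per line for the devices underneath /boot
    # Prints a space-separated list of findings; an empty line means none.
    findings=""
    case "$1" in
        btrfs|xfs|zfs) findings="fs:$1" ;;
    esac
    while read -r type; do
        case "$type" in
            crypt)  f="luks" ;;             # dm-crypt mapping, e.g. LUKS
            lvm)    f="lvm" ;;
            raid1)  f="" ;;                 # raid1 is the stated exception
            raid*)  f="md-raid:$type" ;;
            *)      f="" ;;                 # disk, part, ...
        esac
        if [ -n "$f" ]; then
            case " $findings " in
                *" $f "*) ;;                # already reported
                *) findings="${findings:+$findings }$f" ;;
            esac
        fi
    done
    printf '%s\n' "$findings"
}

# Constructed samples, not captured from a real host.
printf 'lvm\ncrypt\npart\ndisk\n' | check_boot_stack ext4          # -> lvm luks
printf 'raid1\npart\ndisk\npart\ndisk\n' | check_boot_stack ext4   # -> (empty line)
printf 'raid5\npart\ndisk\n' | check_boot_stack xfs                # -> fs:xfs md-raid:raid5
```

The check does not cover the part_apple partition table or the JPEG/PNG image formats mentioned in the same paragraph.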
Finally, if you are interested in learning more, you can consult the details in the following link.
