Eclipse SSAM is a lightweight container execution framework optimized for automotive ECU environments in the context of Software-Defined Vehicles (SDV). It rapidly initializes container environments to begin application execution, and continuously verifies the integrity of container packages to detect tampering or unauthorized modifications in real time.
The framework provides the following core capabilities:
- Package Management — supports installation, removal, and upgrade of container packages
- Integrity Verification — ensures package integrity using Linux dm-verity and EROFS
- Container Execution — runs containers via an OCI-compatible container runtime (crun) using Systemd
- Resource Isolation — in addition to the resource isolation provided by OCI Runtime, enforces ext4 project quota on writable data partitions to limit disk usage per container-native application
Unlike conventional OCI-compliant solutions, Eclipse SSAM is purpose-built for resource-constrained, safety-critical systems where fast startup and tamper detection are essential. It selectively adopts OCI concepts while prioritizing performance and security over full specification compliance.
Eclipse SSAM operates on Linux-based host operating systems and relies on externally provided low-level runtimes, focusing solely on efficient container execution in constrained environments.
By open-sourcing SSAM under the Eclipse Foundation, we aim to foster cross-industry collaboration and contribute to a robust, scalable vehicle software ecosystem.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
Member companies supporting this project over the last three months.