Eclipse SSAM

Thursday, May 14, 2026 - 00:31 by Jeff Kim

This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please log in and add your feedback in the comments section.

Proposal State

Community Review

Background

As software integration driven by SDV (Software-Defined Vehicles) advances, the software complexity of automotive controllers is increasing. One of the approaches to address this growing complexity is the adoption of container technology.

However, container solutions that comply with the conventional OCI standards fall short in automotive controller environments, as they suffer from limited performance and do not adequately meet the specific requirements of automotive systems.

Furthermore, SDV systems are expected to support downloadable applications, which require the use of writable partitions. Conventional container solutions do not provide adequate safeguards for writable partitions — including security against tampering and filesystem integrity — leaving a critical gap in automotive environments where both safety and reliability are essential.

To address these limitations, a high-performance, security-enhanced container solution was developed — Eclipse SSAM. Eclipse SSAM can establish a container environment within 100 milliseconds and initiate application execution, as validated on the NXP S32G platform. It also continuously verifies the integrity of container packages, enabling real-time detection of any tampering or unauthorized modifications.

We aim to contribute to the advancement of Software-Defined Vehicles (SDV) by open-sourcing this solution. Through community collaboration and industry-wide adoption, we hope to accelerate innovation, improve software scalability, and help establish a more robust and flexible vehicle software ecosystem.

Scope

The Eclipse SSAM project provides a high-performance and security-focused container execution framework designed primarily for automotive ECU systems, with limited applicability to other systems that share similar resource constraints.

The scope includes:

1. Lightweight Container Execution Framework

  • Fast initialization of container environments (target: within 100 ms)
  • Enables containerized applications to begin execution with minimal startup latency
  • Optimized for resource-constrained systems such as automotive ECUs

2. Security and Integrity Assurance

  • Continuous integrity verification of container packages
  • Real-time detection of tampering or unauthorized modification during runtime
  • Designed to meet the security requirements of safety-critical systems

3. Host OS Support

  • Eclipse SSAM currently operates on Linux-based host operating systems
  • The architecture allows future portability to other operating systems that support container execution
  • Application behavior inside containers remains OS-dependent by design

4. Controlled Compatibility with OCI

  • Eclipse SSAM adopts an OCI-compatible runtime (e.g., runc) for container execution, but its other components — such as image format and package management — are independently designed without adhering to the OCI specification.

Applicability

Eclipse SSAM is designed primarily for automotive ECU systems.

It may also be applicable to other systems with similar characteristics, such as:

  • limited compute resources
  • strict startup time requirements
  • strong runtime integrity requirements

For general-purpose computing environments (e.g., cloud or enterprise systems), OCI-compliant container solutions are recommended.

Key Design Principles

Eclipse SSAM is designed for performance and security, without targeting full OCI compatibility.

SSAM does not implement low-level container runtimes (e.g., runc), and instead relies on externally provided runtimes.

SSAM provides the capability to execute containers efficiently in constrained systems, without defining higher-level management or orchestration behavior.

Out of Scope

  • Full OCI-compliant container runtime implementation
  • Development of low-level container runtimes (e.g., runc-equivalent)
  • General-purpose cloud or enterprise container platforms
  • Container orchestration systems (e.g., Kubernetes-like frameworks)
  • Initial support for non-Linux operating systems
  • Application-level platforms or service orchestration layers

Eclipse SSAM is a purpose-built container execution framework for automotive systems, designed for performance and security without targeting full OCI compatibility.

Description

Eclipse SSAM is a lightweight container execution framework optimized for automotive ECU environments in the context of Software-Defined Vehicles (SDV). It rapidly initializes container environments to begin application execution, and continuously verifies the integrity of container packages to detect tampering or unauthorized modifications in real time.

The framework provides the following core capabilities:

  • Package Management — supports installation, removal, and upgrade of container packages
  • Integrity Verification — ensures package integrity using Linux dm-verity and EROFS
  • Container Execution — runs containers via an OCI-compatible container runtime (crun) using Systemd
  • Resource Isolation — in addition to the resource isolation provided by the OCI runtime, enforces ext4 project quota on writable data partitions to limit disk usage per container-native application
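
The Integrity Verification item names dm-verity, which checks each block against a hash tree at read time. The following is an added example, not SSAM or kernel code: a simplified Python model of that check, in which the function names, block size, salt and sample image are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 4096                 # data/hash block size (assumed; a common dm-verity choice)
FANOUT = BLOCK // 32         # SHA-256 digests that fit in one hash block
def salted_hash(salt, block):
    return hashlib.sha256(salt + block).digest()

def build_tree(image, salt):
    """Return (levels, root) for a non-empty image; levels[0] has one digest per data block."""
    blocks = [image[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(image), BLOCK)]
    levels = [[salted_hash(salt, b) for b in blocks]]
    while True:
        cur = levels[-1]
        # Pack digests into zero-padded hash blocks, then hash each hash block.
        packed = [b"".join(cur[i:i + FANOUT]).ljust(BLOCK, b"\0") for i in range(0, len(cur), FANOUT)]
        parents = [salted_hash(salt, p) for p in packed]
        if len(parents) == 1:
            return levels, parents[0]
        levels.append(parents)

def verify_read(image, index, levels, salt, trusted_root):
    """Return data block `index` only if its hash chain reaches trusted_root."""
    block = image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")
    digest, pos = salted_hash(salt, block), index
    # The stored tree is untrusted input; the trusted root acts as the top level.
    for depth, level in enumerate(levels + [[trusted_root]]):
        if level[pos] != digest:
            raise IOError(f"verity mismatch at level {depth}, entry {pos}")
        start = pos // FANOUT * FANOUT
        hash_block = b"".join(level[start:start + FANOUT]).ljust(BLOCK, b"\0")
        digest, pos = salted_hash(salt, hash_block), pos // FANOUT
    return block

def demo():
    salt = bytes(32)                                             # constructed salt
    image = bytearray(b"".join(bytes([i % 251]) * BLOCK for i in range(300)))  # constructed
    levels, root = build_tree(bytes(image), salt)
    clean_ok = verify_read(bytes(image), 200, levels, salt, root) == bytes([200]) * BLOCK
    image[200 * BLOCK + 7] ^= 0x01                               # flip one bit in block 200
    errors = []
    for rewrite_leaf in (False, True):   # second pass: stored leaf digest is rewritten too
        if rewrite_leaf:
            levels[0][200] = salted_hash(salt, bytes(image[200 * BLOCK:201 * BLOCK]))
        try:
            verify_read(bytes(image), 200, levels, salt, root)
            errors.append(None)
        except IOError as exc:
            errors.append(str(exc))
    return clean_ok, errors
```

Only the root hash has to be stored somewhere the writable partition cannot reach. A change to the data or to any stored digest fails at the first level where the recomputed hash and the stored one disagree.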

Unlike conventional OCI-compliant solutions, Eclipse SSAM is purpose-built for resource-constrained, safety-critical systems where fast startup and tamper detection are essential. It selectively adopts OCI concepts while prioritizing performance and security over full specification compliance.

Eclipse SSAM operates on Linux-based host operating systems and relies on externally provided low-level runtimes, focusing solely on efficient container execution in constrained environments.

By open-sourcing SSAM under the Eclipse Foundation, we aim to foster cross-industry collaboration and contribute to a robust, scalable vehicle software ecosystem.

Why Here?

SSAM directly addresses the software complexity challenges of Software-Defined Vehicles, which is the core mission of the Eclipse SDV Working Group. By hosting SSAM at Eclipse, we aim to collaborate with existing SDV projects such as Eclipse S-Core and contribute to a cohesive, vendor-neutral vehicle software platform.

The Eclipse Foundation already hosts a growing portfolio of automotive and SDV projects. Placing SSAM within this ecosystem enables integration opportunities, shared best practices, and visibility among key industry stakeholders.

Future Work

  • We will continue to provide technical support and development to establish Eclipse SSAM as a de facto standard for package distribution in SDV environments.
  • We will work toward integrating Eclipse SSAM into the Eclipse S-Core project, including the development of features required for seamless integration.
  • We plan to extend OS support beyond Linux when QNX introduces container execution capabilities.
  • We will continue efforts to support functional safety compliance up to ASIL-B.

Project Scheduling

The codebase is fully functional and ready for contribution. Internal approval processes within Hyundai Mobis have been completed. The initial contribution can be made after May 30, 2026, following project approval by the Eclipse Foundation.

Project Leads
Interested Parties

Hyundai Mobis — Initial contributor and project lead organization

Initial Contribution

The initial code contribution is developed by Hyundai Mobis. The codebase includes dependencies on third-party open-source libraries, all of which are compatible with the Apache-2.0 license. A full list of third-party dependencies and their respective licenses will be provided as part of the initial contribution.

The initial contribution is planned to be available after May 30, 2026.

Source Repository Type

We are pleased to submit the SSAM proposal and welcome feedback and collaboration from the community, particularly around SDV integration, security, and constrained system environments.