Modern Software-Defined Vehicles must balance rapid software innovation with strict functional-safety requirements. This whitepaper presents a joint reference blueprint from the Autoware Foundation, SOAFEE, and the eSync Alliance, demonstrating how open-source autonomy, mixed-critical orchestration, and secure OTA updates can coexist within safety-certified vehicle architectures.
At the core of the work is the Safety Island concept: a physically and logically isolated real-time subsystem responsible for safety supervision, fallback control, and emergency actuation. The paper documents a working Safety Island Actuation Proof-of-Concept, where an Autoware pipeline running on a Linux-based primary compute platform communicates deterministically via ROS 2/DDS with a Zephyr RTOS-based Safety Island.
A key validated use case is the Minimum Risk Maneuver (MRM). Upon fault detection in perception or planning, control authority is seamlessly transferred to the Safety Island, which continues executing stable control until the vehicle reaches a safe state. Extensive testing confirms bounded latency, deterministic cross-domain communication, and graceful degradation under fault conditions.
The whitepaper also addresses one of the most critical SDV challenges: secure and verified over-the-air (OTA) updates for safety-critical domains. Using the eSync Alliance framework, the system enables cryptographically verified, traceable, and rollback-capable OTA updates—including Safety Island firmware—while remaining compliant with UNECE R155/R156 and functional-safety constraints.
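The update properties listed above (cryptographic verification, traceability, rollback capability) map onto a small set of checks an installer on the vehicle must perform in a fixed order. The following Go program is an added illustration written for this page; it is not code from the whitepaper, the eSync Alliance framework, or Autoware. The manifest layout, the Ed25519 signature scheme, the A/B slot model, and the sample image bytes are all constructed assumptions chosen to show the ordering of checks, not the real eSync format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes one firmware image for the Safety Island domain.
// Hypothetical layout constructed for this example, not the eSync manifest.
type Manifest struct {
	Version   uint32   // monotonic counter, enforced to prevent downgrade attacks
	ImageHash [32]byte // SHA-256 of the image bytes the manifest vouches for
}

// encode serialises the manifest deterministically so the signature covers
// exactly the fields the installer later checks.
func (m Manifest) encode() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// SignedUpdate is what the OTA channel delivers: manifest, signature, image.
type SignedUpdate struct {
	Manifest  Manifest
	Signature []byte
	Image     []byte
}

// Slots models an A/B firmware layout: Active is running, Previous is kept
// so a failed post-update health check can be reverted. Log gives traceability.
type Slots struct {
	Active   Manifest
	Previous *Manifest
	Log      []string
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image hash does not match manifest")
	ErrDowngrade    = errors.New("version not newer than active firmware")
)

// Apply verifies and installs an update. Order matters: authenticate the
// manifest first, then check image integrity against it, then enforce
// anti-rollback, and only then swap slots. Every decision is logged.
func (s *Slots) Apply(pub ed25519.PublicKey, u SignedUpdate) error {
	if !ed25519.Verify(pub, u.Manifest.encode(), u.Signature) {
		s.Log = append(s.Log, "reject: bad manifest signature")
		return ErrBadSignature
	}
	sum := sha256.Sum256(u.Image)
	if !bytes.Equal(sum[:], u.Manifest.ImageHash[:]) {
		s.Log = append(s.Log, fmt.Sprintf("reject v%d: image hash mismatch", u.Manifest.Version))
		return ErrHashMismatch
	}
	if u.Manifest.Version <= s.Active.Version {
		s.Log = append(s.Log, fmt.Sprintf("reject v%d: not newer than v%d", u.Manifest.Version, s.Active.Version))
		return ErrDowngrade
	}
	prev := s.Active
	s.Previous = &prev
	s.Active = u.Manifest
	s.Log = append(s.Log, fmt.Sprintf("installed v%d over v%d", u.Manifest.Version, prev.Version))
	return nil
}

// Rollback reverts to the previous slot, e.g. after the Safety Island fails
// its self-test on first boot of the new image.
func (s *Slots) Rollback() error {
	if s.Previous == nil {
		return errors.New("no previous image available for rollback")
	}
	s.Log = append(s.Log, fmt.Sprintf("rollback v%d -> v%d", s.Active.Version, s.Previous.Version))
	s.Active = *s.Previous
	s.Previous = nil
	return nil
}

// BuildUpdate signs a manifest with the vendor key. This runs in the backend
// release pipeline; the vehicle only ever holds the public key.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) SignedUpdate {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return SignedUpdate{Manifest: m, Signature: ed25519.Sign(priv, m.encode()), Image: image}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Slots{Active: Manifest{Version: 1}}
	_ = s.Apply(pub, BuildUpdate(priv, 2, []byte("constructed safety-island image v2")))
	_ = s.Apply(pub, BuildUpdate(priv, 1, []byte("constructed image v1"))) // rejected: downgrade
	_ = s.Rollback()
	for _, line := range s.Log {
		fmt.Println(line)
	}
}
```

The signature is checked before the hash so that an unauthenticated manifest can never influence which image hash is trusted, and the version check comes after both so that a forged or corrupted package cannot advance the anti-rollback counter. Keeping the previous slot intact until the new image has passed its own health check is what makes the rollback path usable for a safety domain.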
Taken together, the results demonstrate that open collaboration does not compromise safety. Instead, it delivers a reproducible, standards-aligned reference architecture for building scalable, continuously updateable, and safety-certified autonomous vehicles.
📩 Download the whitepaper by signing up below.