Designing fully redundant secure DMZ question

Hi,
I am tasked with designing an active/standby ASA environment.
For the security appliances and the Dirty DMZ configuration I have what I believe to be a good design, however, for the secure DMZ I have challenges.

For instance, in a single DMZ connected to the active/standby appliances, how can I make that DMZ redundant. Cisco docs show two switches that are trunked together and connected to their respective firewalls, the servers are dual homed with a connection to each DMZ switch.
However, if the switch connected to the active firewall fails, I see no way for the Servers in the DMZ to remain in service.

What is the solution for a fully redundant DMZ?