RTD 4.0 safety application with a multi-core setup (esp. Port module)

Hi all,

I've a couple of questions regarding the use of the RTD 4.0 Port module in a safety context and a multi-core setup.
We are targeting ASIL C. We're using the S32K358, the functional safety core (master core) is M7_0 with M7_1 in lockstep configuration. A QM only core is realised with the M7_2 core.

Used references:
- My NXP post about general multi-core use: https://community.nxp.com/t5/S32K/Usage-of-RTD-4-0-MCAL-drivers-in-a-multi-core-application/td-p/183...
- Application Note "Multi-Core Implementation in RTD of S32K3" (Rev. 1, 07/2022)
- RTD Software Safety Manual for S32K3_S32M27X (Rev. 13.1 — 4 December 2023)
- S32K3xx Functional Safety Application Note (Rev. 0.2 Preliminary Version 06 Feb 2023)

1) Port module with XRDC

As stated in the integration manual of the Port module, it's a Type III multi-core module. According to the multi-core app note, that means that initialisation is done only on one core, the master core. Thus, the master core must access all pad control registers to initialise each pin.

However, with XRDC, I assign a pad to one PDAC, which is then assigned to one core. But then the master core does not have access to these registers?

What approach did NXP think of for this setup?

2) Type III modules and Fully Trusted Environment (FTE)

For RTD as SEooC, assumptions for the integration are stated, the so called FTE.

How can this be achieved with a Type III module? Especially with EA_RTD_00057 and EA_RTD_00058?
As far as I understand, "The codes/constants and variables have GLOBAL scope" would mean that the Port module uses shared RAM. And the QM core will call in QM context the module and access memory.

So how can these assumptions be met in a multi-core setup with different ASIL levels?

Thank you
Andreas