## AN14892

# S32N55: Managing Isolation and XRDC Configuration via Domain Manager Rev. 1.0 — 17 December 2025 Application note

#### **Document information**

| Information | Content                                                                                                                                                                                                     |
|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Keywords    | S32N55, 5 nm S32N family of products, domain manager                                                                                                                                                        |
| Abstract    | S32N55 is one of the initial chips in NXP's next-generation 5 nm S32N family of products. This application note is intended to help users understand the cohort concept and the steps to configure cohorts. |



S32N55: Managing Isolation and XRDC Configuration via Domain Manager

#### 1 Overview

S32N55 is one of the initial chips in NXP's next-generation 5 nm S32N family of products. This chip is a real-time processor for multi-chip domain control applications and supports multi-application ASIL D control through advanced real-time processing, hardware isolation, and virtualization.

This application note is intended to help users understand the cohort concept and the steps to configure cohorts. The application note is only to be used as a reference, and for any conflicts in sections, users are advised to refer to the S32N55 RM<sup>[1]</sup> and FSS FW User Manual<sup>[2]</sup>. It is advised to go through the "Resource Management Overview" section of S32N55 RM<sup>[1]</sup>, and "Cohort Definition", "Booting a Cohort", "Cohort States", and "Cohort Status" sections of Boot Manager in the FSS FW User Manual<sup>[2]</sup>.

The examples in this application note are developed based on the following software environment:

- FSS: S32N FSS FW R21-11 1.8.1
- RTD: SW32N\_RTD\_R21-11\_1.8.0\_CD03
- GrayVIP 1.0.21.0 with 6 cohorts

## 2 Cohort concept and subsystem

A cohort is a computing environment composed of one or more UENVs that are deployed together to solve a common problem. In a cohort containing multiple UENVs, the UENVs are not required to have the same core architecture or lockstep mode.

Cohorts are defined by the chip's partition manager during the boot process. The figure below illustrates an example of how a chip's resources can be partitioned to support a specific application.



#### 2.1 Uniform environment

A Uniform Environment (UENV) is defined as a group of one or more cores that share the same architecture and lockstep mode, along with a set of associated resources such as memory regions and peripherals, which are accessible by those cores.

By definition, an RTU instance constitutes a single UENV, meaning it can be assigned to only one cohort. However, each RTU contains two clusters, and each cluster is also considered a UENV. As a result, the two clusters within an RTU can be assigned to different UENVs, even if those UENVs belong to different cohorts.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Note: A UENV can only be included in at most one cohort.

#### 2.2 Subsystems

Several subsystems exist within the chip through hardware partitioning, such as FSS, CRS, RTU, and CIS. A subsystem is a hardware-defined concept, meaning it is determined during the design phase and cannot be modified by users. Memory and peripherals are assigned to a specific subsystem, indicating that these resources are tightly coupled to a particular bus, and their clock and power are managed by the same control instance. The diagram below illustrates the main subsystems in the S32N55 and how they are interconnected.



#### 2.3 Software components

Each cohort has its own Cohort Manager, allowing different vendors to independently develop or configure their respective managers. Within a cohort, each UENV possesses its own dedicated set of resources. Resource sharing among UENVs in the same cohort is managed by the software logic implemented in the Cohort Manager.

#### 2.3.1 Partition manager

The Partition Manager is a chip-level function executed by software within the System Base Cohort (SBC). It plays a central role in defining and allocating system resources across all other cohorts. As the first software

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

component to run during chip boot, the Partition Manager is responsible for resource allocation in the following aspects:

- · Dividing system resources such as memory, peripherals, and processing units.
- · Assigning access rights to each cohort.
- Managing XRDC4 Cohort IDs (CIDs) to enforce hardware-level access control.

The Partition Manager has full access to the configuration of all XRDC4 components, enabling it to completely define the resource boundaries of each cohort. This centralized control is especially effective in scenarios where:

- · A cohort contains only one UENV.
- Multiple cohorts are owned by the same system developer who also controls the Partition Manager.

In the system architecture, the Partition Manager role is implemented by the FSS firmware, working in coordination with HSE2, to partition system resources into well-defined cohorts. The project Firmware\_S32N55\_FSS always assumes the role of PM. At the same time, it also takes on the role of CM for the SBC, which means all SBC configurations of XRDC can be performed within this project.

#### 2.3.2 Cohort manager

A cohort manager is software that manages resource sharing within a single cohort. The cohort manager is loaded onto a core within a cohort by the partition manager. The cohort manager should do:

- Configures the XRDC4 components within a cohort. It assigns and manages DIDs, thereby allocating cohort
  peripherals to UENVs within the cohort.
- · Loads, runs, verifies, and manages images for UENVs in the cohort.

#### 2.3.3 Hypervisor

A hypervisor is an optional software component within a UENV (Unified Embedded Virtualization Environment) that is responsible for creating, scheduling, and isolating virtual machines (VMs).

To perform these tasks effectively, the hypervisor relies on several hardware mechanisms:

- Privilege level. Processor cores that support virtualization typically implement a dedicated privilege level specifically for hypervisor execution. In ARM architectures, these are defined as Exception Levels (ELx), where x denotes the level of privilege. For example, in the ARMv8-R architecture—such as the Cortex-R52 used in Real-Time Units (RTUs)—the hypervisor operates at EL2, which grants elevated access to system control resources required for managing virtual machines. This privilege level is not available on cores that lack hardware virtualization support, thereby restricting their ability to host hypervisors.
- Isolation mechanism(s). The ARMv8-R architecture introduces a second-stage Memory Protection Unit
  (MPU) to regulate core access to normal memory regions. However, device memory typically demands more
  granular access control than what the MPU can offer. To address this limitation, the Cortex-R52 associates
  a Virtual Machine Identifier (VMID) with memory transactions involving device memory, enabling VM-level
  differentiation. Furthermore, the eXtended Resource Domain Controller (XRDC4) functions as a hardware
  firewall, enforcing isolation between virtual machines executing on the same core. It also provides domainbased partitioning of core resources, ensuring isolation both within a single cohort and across multiple
  cohorts.

#### 2.3.4 EL2 monitor

An EL2 monitor is a lightweight hypervisor implementation based on the Armv8-R architecture. It enforces a strict one-to-one mapping between each physical core and its corresponding virtual core as presented by the monitor. This design simplifies virtualization overhead and ensures deterministic behavior, which is critical in real-time embedded systems.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

#### 2.3.5 Virtual machine

A virtual machine is an abstract computing environment instantiated and managed by a hypervisor. The resources available to a VM may consist of virtualized components—emulated entirely in software—or physical hardware resources explicitly assigned to the VM.

The software running inside a VM can range from full-featured operating systems to bare-metal applications. From the perspective of the software within the VM, the system appears as a unified hardware platform, comprising both physical and virtual resources, seamlessly integrated by the hypervisor.

#### 2.3.6 SW resources allocation

This section introduces the usage of the SW Resources allocation tab in the module Fss\_Rem\_Pm. These configurations are related to the clock gate(CG) and the software reset domain(SRD).

Each resource must be assigned to a single cohort as either an Owner or a User. A resource can have at most one Owner, and it will be released when its owner cohort starts up normally.

Note: The chip will reset when accessing resources that have not been properly deasserted.

#### 2.4 Hardware components

#### 2.4.1 AIDA

This XRDC is located outside the bus mastering interface of the chip IPs. It receives an identity from the bus master and translates it into an outbound AID, which is then used by the target XRDCs to determine whether access should be granted. The following diagram shows a simple process of accessing resources:



The AID comprises two components: CID and DID, where CID denotes the Cohort ID and DID denotes the Domain ID. Certain AID combinations carry special meanings or behaviors, as described below:

- · AID 0.0: Invalid as an access identifier.
- AID 0.1: Represents the partition manager within the system base cohort (CID = 0).
- AID 0.x: Located in the SBC, associated with FSS and HSE.
- AID x.1: Denotes the cohort manager for cohort x, where  $x \neq 0$ .
- AID x.0: Valid and has no special purpose, where x ≠ 0.

There are two types of AIDA: AIDA\_CR(Cortex-R) and AIDA\_AD(Accelerators and DMA).

AIDA\_CR is optimized for processors that typically provide a VMID, NS, and PRIV attribute with each
bus transaction. For every transaction issued by the manager, AIDA\_CR generates an AID, which is a
concatenation of the CID and DID. In addition to the AID, AIDA\_CR also produces auxiliary bits, divided into

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

CAUX and DAUX. While the XRDC itself does not use these auxiliary bits, they may be useful to other system components.

AIDA\_AD, on the other hand, selects CID, DID, CAUX, and DAUX for each transaction based on a set of
programmable entries. It uses a direct index selection method, where the index is derived from transaction
attributes carried on the user sideband of the system bus. The specific attributes used as the index depend
on the function of the manager agent. For example, an AIDA\_AD assigned to a DMA manager might use the
DMA channel number as the index selector. Therefore, the DMA channel number must be included in the
transaction's user sideband. A compile-time parameter determines which bits of the user sideband are used
as the index for AIDA\_AD.

The inputs to RTU.AIDA\_CR come from the VMID, NS, and PRIV attributes, which come from the ARM mechanism.



However, due to architectural limitations, the FSS core and CRS core do not support the aforementioned registers. As a result, they are driven in an alternative manner to allow optional usage and to align with the attributes of the incoming transactions:

Table 1. Inputs of FSS

| Table 1. Inputs of 133 |                                                                                                                                          |  |
|------------------------|------------------------------------------------------------------------------------------------------------------------------------------|--|
| Bit position           | Description                                                                                                                              |  |
| [4:0]                  | Driven by MCM's Task ID(PID) register                                                                                                    |  |
| [5]                    | Driven by CM7's ARMASTER field (which can be used to distinguish between CM7 transactions from the processor versus from its debug port) |  |
| [6]                    | Read: Reserved Write: Driven by a signal derived from the CM7's AWID field:  • 1'b0: Transaction is not the result of an eviction        |  |

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Table 1. Inputs of FSS...continued

| Bit position | Description                                                                                                                              |
|--------------|------------------------------------------------------------------------------------------------------------------------------------------|
|              | 1'b1: Transaction is the result of an eviction                                                                                           |
| [7]          | Driven by the FRB GPO[7] signal, which is configured by secure firmware, allowing it to optionally impact the selection of an output AID |

The inputs for AIDA\_AD differ from those of AIDA\_CR. AIDA\_AD uses a direct index selection method within the user sideband. For example, DMA modules typically use their channel number as the index, while NETC modules use their LDID.

More details can be found in the corresponding chapter of the Reference Manual. Below is a sample input for FSS.eDMA:

Table 2. Inputs of FSS.eDMA

| Bit position | Description                                                                                                                              |
|--------------|------------------------------------------------------------------------------------------------------------------------------------------|
| [4:0]        | Driven by FSS.eDMA channel number                                                                                                        |
| 1            | Driven by the FRB GPO[8] signal, which is configured by secure firmware, allowing it to optionally impact the selection of an output AID |
| [6]          | Strapped to 1'b0                                                                                                                         |

#### The FSS.COSS.eDMA inputs:

Table 3. Inputs of FSS.COSS.eDMA

| Bit position | Description                                                                                                                                             |
|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|
| [0]          | Driven by internal logic that is set by software, using each channel for both send and receive. This is unique for each FSS.COSS.eDMA AIDA AD instance. |
| [5:1]        | Driven by FSS.COSS.eDMA(0-6) channel number                                                                                                             |
| [6]          | Reserved                                                                                                                                                |

#### The CRS.NETC inputs:

Table 4. Inputs of CRS.NETC

| Function | Instance | Assigned LDID |
|----------|----------|---------------|
| EMDIO    | 0        | 2             |
| Timer    | 0        | 1             |
| Switch   | 0        | 3             |
| ENETC    | 0        | 4             |
| VSI      | 0        | 5             |
|          | 1        | 6             |
|          | 2        | 7             |
|          | 3        | 8             |
|          | 4        | 9             |
|          | 5        | 10            |
|          | 6        | 11            |

The following table lists the AIDA instances implemented on this chip:

**Application note** 

## S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Table 5. AIDA Instance

| Subsystem | Category | Module instance | Master              |
|-----------|----------|-----------------|---------------------|
|           |          | XRDC_AIDA_AD1   | eSTAM               |
|           |          | XRDC_AIDA_AD2   | CSSI                |
|           |          | XRDC_AIDA_AD3   | eDMA                |
|           |          | XRDC_AIDA_AD4   | Usdhc               |
|           |          | XRDC_AIDA_AD5   | APBIC_Debug         |
|           | AIDA AD  | XRDC_AIDA_AD7   | COSS.eDMA0          |
| FSS       | AIDA_AD  | XRDC_AIDA_AD8   | COSS.eDMA1          |
|           |          | XRDC_AIDA_AD9   | COSS.eDMA2          |
|           |          | XRDC_AIDA_AD10  | COSS.eDMA3          |
|           |          | XRDC_AIDA_AD11  | COSS.eDMA4          |
|           |          | XRDC_AIDA_AD12  | COSS.eDMA5          |
|           |          | XRDC_AIDA_AD13  | COSS.eDMA6          |
|           | AIDA_CR  | XRDC_AIDA_CR    | FSS_CM7             |
|           |          |                 | AHB_CANXL_0         |
|           |          |                 | AHB_CANXL_1         |
|           |          |                 | AHB_CANXL_2         |
|           |          |                 | AHB_CANXL_3         |
|           |          |                 | AHB_FlexRay         |
|           | AIDA_AD  |                 | AHB_ACCEL_0         |
| CRS       | AIDA_AD  | -               | AHB_ACCEL_1         |
|           |          |                 | AXI_CAAM            |
|           |          |                 | AXI_DMA_0           |
|           |          |                 | AXI_DMA_1           |
|           |          |                 | ACE_PCIe_Inbound    |
|           |          |                 | ACE_NETC            |
|           | AIDA_CR  |                 | CRS_AXI_CM7         |
|           |          | XRDC_AIDA_CR0   | AXIM_Cluster0_Core0 |
|           |          | XRDC_AIDA_CR1   | AXIM_Cluster1_Core0 |
|           |          | XRDC_AIDA_CR2   | AXIM_Cluster0_Core1 |
| RTU.x     |          | XRDC_AIDA_CR3   | AXIM_Cluster1_Core1 |
|           | AIDA_CR  | XRDC_AIDA_CR4   | AXIF_Cluster0_Core0 |
|           |          | XRDC_AIDA_CR5   | AXIF_Cluster1_Core0 |
|           |          | XRDC_AIDA_CR6   | AXIF_Cluster0_Core1 |
|           |          | XRDC_AIDA_CR7   | AXIF_Cluster1_Core1 |
|           |          | XRDC_AIDA_CR8   | ETR                 |
| CIS       | AIDA_AD  |                 | Debug ETR           |

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

#### 2.4.2 PIDAC

PIDACs are positioned in front of peripheral targets. They receive the AID associated with each transaction and determine whether to allow or block access to the corresponding peripheral resource.

These components are part of the target-side XRDC4, which manages access control for peripherals and fixed-size regions of the address space.

Typically, PIDACs control access to groups of register banks—such as a set of peripherals sharing the same bus—but they can also manage access to memory regions, provided the fixed-size allocation is sufficient for all intended use cases.



The cohort policy is an attribute of PIDAC and MIDAC that governs the initial gate of access control. The available options are:

- NO\_OVERRIDE: Transactions are subject to the read and write permission vectors, which are configured via slot descriptor registers.
- OVERRIDE: Allows both read and write access from any entity.
- **READ\_ONLY\_OVERRIDE**: Read operations are subject to the read permission vector. Write operations are strictly prohibited, regardless of the write permission vector settings.

Here are some tips for the configuration of PIDAC:

- If a peripheral is accessible for both read and write operations by all requestors, the OCIDR.CPOLICY can simply be configured as OVERRIDE.
- When the PM writes a nonzero value to OCIDR.OCID, the corresponding CACC\_CR\_By\_Sx\_W0-1 is automatically asserted to all 1s by hardware. This indicates that all domains within the cohort are granted read and write access to this slot.
- If a slot needs to be accessed by a visitor, the OCIDR.NV register must be deasserted by the PM, and the CACC CR By Sx W2.VEN must be asserted by the CM.

Each PIDAC supports an Access Violation Alarm to help identify denied access attempts from initiators. This feature can be enabled via the AVEN register. When any access is denied, detailed violation information will be recorded. The table below lists the details, including:

Table 6. Details of Access Violation Alarm

| Register  | Bit | Description                               |
|-----------|-----|-------------------------------------------|
| AVEN      | -   | Access Violation Alarm Enable             |
| AVADDR_HI | -   | Access Violation Error Address High Range |

## S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Table 6. Details of Access Violation Alarm...continued

| Register  | Bit            | Description                                                                                  |  |
|-----------|----------------|----------------------------------------------------------------------------------------------|--|
| AVADDR_LO | -              | Access Violation Error Address Low Range                                                     |  |
|           | 0-AVSTAT       | When reading 0b - Not captured 1b - Captured When writing 0b - No effect 1b - Clear the flag |  |
|           | 1-AVPRIV       | 0b - Violated unprivileged transaction 1b - Violated privileged transaction                  |  |
| AVATTR    | 2-AVNS         | 0b - Violated secure transaction 1b - Violated nonsecure transaction                         |  |
|           | 3-AVOF         | Access Violation Opcode Fetch 0b - Data access 1b - Opcode fetch                             |  |
|           | 5-AVMTX        | 1b - Mutex ownership denial                                                                  |  |
|           | 11~6-AVDID     | Access Violation Domain Identifier                                                           |  |
|           | 15~12-AVCID    | Access Violation Cohort Identifier                                                           |  |
|           | 23~16-AVMST_ID | Access Violation Manager ID                                                                  |  |
|           | 24-AVRW        | Access Violation Read/Write 0b - Write transaction 1b - Read transaction                     |  |
|           | 29-AVI         | Access Violation Inter Cohort                                                                |  |

The following section outlines the PIDAC instances for all subsystems on the chip.

Table 7. PIDAC Instance

| Subsystem | Instance | Module instance        | Description       |
|-----------|----------|------------------------|-------------------|
|           | PIDAC0   | XRDC_PIDAC_PERIPH_IPS1 | FSS.Pbridge0      |
|           | PIDAC1   | XRDC_PIDAC_PERIPH_IPS2 | FSS.Pbridge1      |
|           | PIDAC2   | XRDC_PIDAC_PERIPH_IPS3 | FSS.Pbridge2      |
|           | PIDAC3   | XRDC_PIDAC_AXI1        | FSS.PRB           |
|           | PIDAC5   | XRDC_PIDAC_AHB2        | FSS.CSSI          |
|           | PIDAC6   | XRDC_PIDAC_PERIPH_APB1 | FSS.Dbg_APBIC     |
| FSS       | PIDAC8   | XRDC_PIDAC_AHB3        | FSS.FTCM          |
|           | PIDAC9   | XRDC_PIDAC_AHB1        | FSS.SDB_NIC       |
|           | PIDAC11  | XRDC_PIDAC_PERIPH_APB2 | FSS.Pbridge2_APB  |
|           | PIDAC12  | XRDC_PIDAC_PERIPH_IPS4 | FSS.COSS.pbridge0 |
|           | PIDAC13  | XRDC_PIDAC_PERIPH_IPS5 | FSS.COSS.pbridge1 |
|           | PIDAC14  | XRDC_PIDAC_PERIPH_IPS6 | FSS.COSS.pbridge2 |
|           | PIDAC15  | XRDC_PIDAC_PERIPH_IPS7 | FSS.COSS.pbridge3 |

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Table 7. PIDAC Instance...continued

| Subsystem | Instance | Module instance         | Description                   |
|-----------|----------|-------------------------|-------------------------------|
|           | PIDAC16  | XRDC_PIDAC_PERIPH_IPS9  | FSS.HKI.Periph_IO             |
|           | PIDAC17  | XRDC_PIDAC_PERIPH_IPS10 | FSS.HKI.Periph.PM2            |
|           | PIDAC18  | XRDC_PIDAC_PERIPH_IPS8  | FSS.HKI.Periph_AON            |
|           | PIDAC19  | XRDC_PIDAC_AHB4         | FSS.HKI.AONSRAM               |
|           | PIDAC0   | XRDC_PIDAC_IPS_0        | LIN, DMA0, FlexCAN            |
|           | PIDAC1   | XRDC_PIDAC_IPS_1        | LIN, DMA1, FlexCAN            |
|           | PIDAC2   | XRDC_PIDAC_IPS_2        | CANHUB, FlexRAY               |
|           | PIDAC3   | XRDC_PIDAC_PCIe_APB     |                               |
| CRS       | PIDAC4   | XRDC_PIDAC_IPS_MAIN     | SWT, vGPIO, MRU               |
| CKS       | PIDAC5   | XRDC_PIDAC_AHB_CANXL_0  |                               |
|           | PIDAC6   | XRDC_PIDAC_AHB_CANXL_1  |                               |
|           | PIDAC7   | XRDC_PIDAC_AHB_CANXL_2  |                               |
|           | PIDAC8   | XRDC_PIDAC_AHB_CANXL_3  |                               |
|           | PIDAC9   | XRDC_PIDAC_AES_ACCEL    |                               |
|           | PIDAC0   | PBRIDGE2_0              | SWT, MRU, SRAMCTL_Cx          |
|           | PIDAC1   | PBRIDGE2_1              | L_VFCCU, OMU, MRU, SRAMCTL_Dx |
| RTU       | PIDAC2   | PBRIDGE2_2              | MRU                           |
| RIU       | PIDAC3   | XRDC4_PIDAC_AHBrtuf     | RTUF_NIC_D                    |
|           | PIDAC4   | XRDC4_PIDAC_AHBrtum     | RTUM_NIC_D                    |
|           | PIDAC5   | XRDC4_PIDAC_AHBrtup     | RTUP_NIC_B                    |
| CMMC      | PIDAC0   | AIPS_0                  | DDRC, CMU_FC, L_VFCCU         |
| SMMS      | PIDAC1   | AIPS_1                  | DDR PHY                       |
| CIS       | PIDAC0   | SS Pbridge              | IRQSTR, L_VFCCU               |

#### 2.4.3 MIDAC

MIDACs are positioned in front of large memory spaces. Specifically, the NETC is protected by MIDAC. They receive the AID associated with each transaction and determine whether to allow or block access to the corresponding memory range.

Configuring the protection rules and defining the address regions managed by each XRDC4\_MIDAC slot involves two key parts:

- As the PM role, enable memory regions for cohorts and assign slots to the corresponding cohorts.
- As the CM role, further configure the slot attributes and define access permissions for each slot.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



Only the PM is permitted to update region-related registers, which include address ranges, cohort enable, cohort policy, and the no-visitor setting. The PM also manages the OCID register, which defines the owner cohort ID associated with each slot. Conversely, only the CM can update slot-related registers, which contain address ranges, region selection, domain access vectors, and visitor access permissions. However, certain slot registers are subject to automatic updates.

Each MIDAC instance supports monitoring access violations and modifying alarms, which can be enabled by setting the AVEN and MA\_CR bits. The access violation monitor helps users identify detailed information about violations, including the address, AID, and the type of operation (read or write), please find more details in PIDAC chapter or refer to the RM.

The slot registers are automatically updated when the PM writes a nonzero value to the CIDR (Cohort ID Entry Register). Each CIDR register contains entries for four slots.

For slot x, the corresponding OCID field is stored in CIDRm[OCID\_S\_Nk], where  $m = x \div 4$  and  $k = x \mod 4$ . Here, x is the slot index, and m is the index of the CIDR register.

For example, if the PM writes 0x2 to CIDR5 N3, it means that slot 23 (since  $23 = 4 \times 5 + 3$ ) belongs to cohort 2.

Based on the above example, the automatic updates are listed:

- DACC CR S23 W4-5 will assert all bits to provide full R/W to all domains within the owning cohort.
- DACC\_CR\_S23\_W1.CHRT\_REGION\_SEL will update with cohort ID, indicating that the slot is associated with region index equal to CID(CID=2). That is why the PM defaults configure a region entry with CID.
- DACC\_CR\_S23\_W0-3 will update the address range with the region address, which is stored in the region-related register with index CID (update with value in CHRT\_R2\_UPPER and CHRT\_R2\_LOWER).
- DACC\_CR\_S23\_W7.SVLD will be set by hardware when the region is enabled for the corresponding cohort(through CHRT\_Ry\_UPPER\_ADDRL.CnEn). In case CHRT\_R2\_UPPER\_ADDRL.C2En bit is 1h, hardware will assert DACC\_CR\_S23\_W7.SVLD==1.

The following section outlines the MIDAC instances for all subsystems on the chip.

Table 8. MIDAC Instance

| Subsystem | Instance | Module instance              | Description        |
|-----------|----------|------------------------------|--------------------|
| FSS       | MIDAC0   | XRDC_MIDAC_AXI               | FSS.SCB_NIC        |
| 1535      | MIDAC1   | XRDC_MIDAC_AHB               | FSS.XSPI           |
|           | MIDAC0   | XRDC_MIDAC_AXI_PCle_Outbound | Accel, PCIe        |
| CRS       | MIDAC1   | XRDC_MIDAC_AXI_MainMem_0     | CRS.SRAM0          |
|           | MIDAC2   | XRDC_MIDAC_AXI_MainMem_1     | CRS.SRAM1          |
|           | MIDAC3   | XRDC_MIDAC_AHB_M7            | CRS.ITCM, CRS.DTCM |

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

Table 8. MIDAC Instance...continued

| Subsystem | Instance | Module instance     | Description   |
|-----------|----------|---------------------|---------------|
|           | MIDAC4   | XRDC_MIDAC_AXI_NETC | NETC, PCIe    |
|           | MIDAC0   | XRDC4_MIDAC_D0      | DRAM0         |
|           | MIDAC1   | XRDC4_MIDAC_D1      | DRAM1         |
|           | MIDAC2   | XRDC4_MIDAC_Dx      | DRAM2         |
|           | MIDAC3   | XRDC4_MIDAC_TCM0    | Cluster 0 TCM |
|           | MIDAC4   | XRDC4_MIDAC_CODE    | ОМИ           |
|           | MIDAC5   | XRDC4_MIDAC_TCM1    | Cluster 1 TCM |
| DTII      | MIDAC6   | XRDC4_MIDAC0        | CRAM0         |
| RTU       | MIDAC7   | XRDC4_MIDAC1        | CRAM1         |
|           | MIDAC8   | XRDC4_MIDAC2        | CRAM2         |
|           | MIDAC9   | XRDC4_MIDAC3        | CRAM3         |
|           | MIDAC10  | XRDC4_MIDAC4        | CRAM4         |
|           | MIDAC11  | XRDC4_MIDAC5        | CRAM5         |
|           | MIDAC12  | XRDC4_MIDAC6        | CRAM6         |
|           | MIDAC13  | XRDC4_MIDAC_LLC     | LLC           |
| SMMS      | MIDAC0   | XRDC4_MIDAC         | DDRC access   |

## 3 How to assign the AID for an initiator

#### 3.1 How to assign the AID of AIDA CR

In this section, we aim to demonstrate how to assign an AID to a core initiator. As mentioned, there are three parts of AIDA\_CR in this chip.

The process will be explained step by step, with examples to illustrate the configuration.

#### 3.1.1 CRS

The CRS subsystem has only one instance of AIDA\_CR. Each instance supports up to 16 domain entries, meaning that a core can be assigned to a maximum of 16 domains with distinct matching configurations simultaneously.

The inputs of the AIDA engine for CRS are mentioned in the previous chapter. For each transaction, the AIDA engine uses an attribute match index selection method. It evaluates the index via a match between the masked transaction NS, PRIV, and VMID with each entry of NS, PRIV, and VMID programmed in the AIDA\_CR programming model.

This means that when a bit mask is deasserted, the corresponding bit will be excluded from the matching process. For example, if the NS\_MASK of an entry is enabled (i.e., the NS bit is ignored), then the entry will match attributes regardless of the NS value — both secure and non-secure accesses will hit the entry.

AIDA\_CR uses the lowest matched index to select the corresponding DID and DAUX entries. Also, it is responsible for generating a BAD\_AID or poison sideband output for transactions that contain a parity error, originate from a faulted cohort, or fail to match any entry. For example, if both ATTCR1 and ATTCR5 result in a match, ATTCR1 takes precedence. In this case, index 1h is used to select the corresponding DID and DAUX values from the registers DIDCR1 and DAUXCR1.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

The following section outlines the configuration of CRS.AIDA\_CR.

#### The goal is to:

- Add Domain 1 to enable access at the lowest hit level.
- Add Domain 2 to target transactions with VMID = 1.

#### Steps are listed:

- 1. Ensure that CRS.AIDA CR.XRDC CM7 AXIM is assigned to Cohort 1 (CRS) in the FSS project.
- 2. Navigate to the Domain Config tab in the Rem Cm module of the CRS project.
- 3. Add an entry for Domain 2.
- 4. Configure the match settings for Domain 2. Go to the RemCmAidaDomainConfig tab and add an entry with the following parameters:
  - a. Index: 0
  - b. VMID Mask: 0xFF
  - c. Non-secure Mask: deasserted
  - d. Privilege Mask: deasserted
  - e. VMID Value: 0x1
- 5. Back to the Domain Config tab. Open the domain 1 entry.
- 6. Configure the match settings for Domain 3. Go to the RemCmAidaDomainConfig tab and add an entry with the following parameters:
  - a. Index: 15
  - b. VMID Mask: 0x0
  - c. Non-secure Mask: deasserted
  - d. Privilege Mask: deasserted



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



Based on the configurations, a transaction will be assigned to a specific domain when its input attributes match a domain entry. If multiple entries match, the one with the lowest index takes precedence. Additionally, there is an entry with index 15. Even if all previous entries fail to match, this entry will still be hit. The transaction will be assigned DID 1 because this entry has all input masks enabled, allowing it to match any transaction.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



As previously mentioned, the cohort manager uses AID x.1. Therefore, the XRDC can only be configured by an initiator with AID x.1. This requires that the XRDC configuration for the cohort manager include an entry with DID = 1 before the entire XRDC initialization process can be completed.

**Note:** All entries for the Cohort Manager in the FSS project must be configured with DID = 1 to ensure successful XRDC configuration.

#### 3.1.2 RTU

Each RTU contains four R52 cores, which are distributed across two clusters. Each core includes two instances of AIDA\_CR: AXIM and AXIF. According to ARM architecture restrictions, there are limitations on the VMID values of transactions.

- For the AXIM interface, a valid VMID is only guaranteed for Device memory accesses. For Normal memory accesses, the VMID is set to 0.
- · For the AXIF interface, the VMID is always set to 0.

This section focuses on the configuration of the AXIM instance.

The cohort manager of the RTU0\_R52\_3 AXIM (AIDA\_CR3) instance is Cohort 2 (RTU0). Therefore, it allows RTU0\_R52\_0, which serves as the Cohort Manager of Cohort 2, to further configure RTU0.AIDA\_CR3.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

The AIDA\_CR3 is expected to be assigned to Domain 1 and Domain 2 in this section. The steps are listed below:

- 1. Navigate to the Domain Config tab under the module Rem\_Cm in the project S32N5\_RTU0\_R52\_0\_VIP\_App.
- 2. Assign AIDA\_CR3 to Domain 1. Open the entry of XRDC4\_DOMAIN1, add a new entry for RTU0\_Xrdc\_ Cluster1\_Core1\_CodeAndData AIDA master under the RecmCmAidaDomainConfig tab. The parameters are listed:
  - a. Index: 15
  - b. VMID Mask: 0x0
  - c. Non-Secure Mask: deassert
  - d. Privilege Mask: deassert
- 3. The purpose of the previous entry is to assign AIDA\_CR3 to Domain 1 when entries 0–14 are not matched. This ensures that the transaction is assigned to at least one domain, rather than being granted a BAD\_AID.
- 4. Assign AIDA\_CR3 to Domain 2. Navigate back to the Domain Config tab. Open the entry for XRDC4\_DOMAIN2, and add a new entry for the RTU0\_Xrdc\_Cluster1\_Core1\_CodeAndData AIDA master with the following parameters:
  - a. Index: 0
  - b. VMID Mask: 0xFF
  - c. Non-Secure Mask: deassert
  - d. Privilege Mask: deassert
  - e. VMID: 0x1
- 5. The purpose of the previous entry is to assign AIDA\_CR3 to Domain 2 when the VMID is 0x1.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 3.2 How to assign the AID of AIDA AD

#### 3.2.1 eDMA

This section aims to illustrate the domain assignment for FSS.COSS.eDMA.

As mentioned earlier, AIDA\_AD uses a direct index selection method to hit the entry and retrieve the corresponding DID.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

For example, FSS.XRDC\_AIDA\_AD7 (associated with FSS.COSS.eDMA0) supports up to 64 entries (indexed from 0 to 63) for both CIDR and DIDCR. This means each channel of FSS.COSS.eDMA0 is allocated two entries for CIDR and DIDCR, allowing each channel to be assigned to up to two different domains simultaneously under different scenarios.

There are two approaches to achieve this goal. One is to configure it directly within the FSS project. The other is to assign entry ownership to a specific cohort and configure its domain within the CM project. In the FSS project, the eDMA0.CH2 default be assigned to Domain 9.



Based on the default configuration, FSS.COSS.eDMA0 is assigned to Cohort 2. The next step is to switch to Cohort 2 and further assign it to the appropriate domain.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

#### The goal is to:

- Assign FSS.COSS.eDMA0.CH2 to Domain 5.
- Ensure FSS.COSS.eDMA0.CH2 grants access to CRS.SRAM1

#### Steps are listed:

- 1. Navigate to the Domain Config tab under the module Rem Cm in project S32N5 RTU0 R52 0 VIP App.
- 2. Add an entry for Domain 5.
- 3. Configure the match settings for Domain 5. Go to the RemCmAidaDomainConfig tab and add an entry with the following parameters:
  - a. AIDA master: COSS\_XRDC\_eDMA0
  - b. Index: 4
- 4. Assign slot 5 of XRDC.CRS.SRAM1 to Cohort 2. Navigate to the tab Cohorts configuration. Add an entry with index 5 to Cohort 2, which is located at RTU0\_AppCohort-> Subsystems configuration(Subsystem CRS)->MIDAC configuration(XRDC4\_PIDAC2)->Slots configuration.
- 5. Configure the attributes of Slot 5 in XRDC.CRS.SRAM1. Return to the Rem\_Cm module in the project S32N5\_RTU0\_R52\_0\_VIP\_App, and navigate to the XRDC Memory Config tab. Add a new entry with the following parameters:
  - a. Memory Region: CRS XRDC AXI SRAM 1
  - b. Slot Index: 5
  - c. Allow Update Address Range: True
  - d. Cohort Region select: 31
  - e. Start Address: 0x25E8 0000
  - f. End Address: 0x25E8\_1FFF
- 6. Link the memory to Domain 5. Return to the configuration page of Domain 5, navigate to the RemCmMidacDomainConfig tab, and add an entry that links to the previously configured memory with R/W permissions.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



Based on the previous configuration, FSS.COSS.eDMA0.CH2 is assigned to Domain 5, and Domain 5 is granted access to the address range 0x25E80\_000~0x25E8\_1FFF of CRS.SRAM1. For example, if the channel is triggered with a start address of 0x25E8\_0000 and an end address of 0x25E8\_1000, the transaction will complete successfully. However, if the channel is triggered with a start address of 0x25E8\_0000 and an end address of 0x25E8\_3000, the write operation will be denied. If the violation alarm is enabled, the violation attributes will be recorded accordingly.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager



## 4 How to assign the peripheral

This section aims to detail how a peripheral can be shared across multiple cohorts or exclusively assigned to a single cohort. It will be divided into multiple subsections to cover different scenarios.

#### 4.1 Share a peripheral among all cohorts

To share a peripheral among all cohorts, the only approach is to assign the cohort policy of the peripheral slot with the OVERRIDE attribute.



#### 4.2 Share a peripheral inside one cohort

Based on GrayVIP's default 6-cohort configuration, try relocating FSS.PIT to Cohort 2 (RTU0) and enable intracohort sharing.

#### 4.2.1 Share a peripheral slot to all domains

To assign a peripheral to a specific cohort and ensure it is inaccessible to other cohorts, follow these main steps:

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

- 1. Navigate to the Cohorts configuration tab under the Fss\_Rem\_Pm module in the project Firmware S32N55 FSS.
- 2. The FSS.PIT default assigned to SBC. Remove the configuration of FSS.PIT, which is located at Subsystems configuration(Subsystem FSS)->PIDAC configuration(XRDC4\_PIDAC2)->Slots configuration(PIT).
- Add FSS.PIT slot to cohort 2, with the cohort policy is NO\_OVERRIDE. Configuration path: Cohorts configuration(RTU0\_AppCohort)->Subsystems configuration(Subsystem FSS)->PIDAC configuration(XRDC4\_PIDAC2)->Slots configuration(PIT).



According to the description of FSS.PIDAC, the FSS.PIT peripheral is associated with XRDC PIDAC PERIPH IPS3.Slot0.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



## Figure 16. PIDAC instance of FSS.PIT

#### Therefore:

- Its Cohort ID Entry register is B0 OCIDR0.OCID S No.
- Its slot-related registers (Cohort Access Control Word 0–3) are CAAC\_CR\_B0\_S0\_W0 to CAAC\_CR\_B0\_S0\_W3.



#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



From the debug tool's register view, the slot is associated with FSS.PIT belongs to Cohort 2, with the policy set to NO\_OVERRIDE, and the "no visitor" attribute enabled—meaning it does not allow access from any external entities.

At the same time, this slot is accessible within the same cohort through CAAC\_CR\_B0\_S0\_W0 and CAAC\_CR\_B0\_S0\_W1:

- CAAC CR B0 S0 W0 enables read access for all domains.
- CAAC CR B0 S0 W1 enables write access for all domains.

The registers CAAC\_CR\_B0\_S0\_W0 and CAAC\_CR\_B0\_S0\_W1 are automatically asserted when a non-zero modification is made to B0\_OCIDR0.OCID\_S\_N0.

#### 4.2.2 Assign a peripheral slot to one or multiple domains

This section is based on the configuration of Fss\_Rem\_Pm in the previous section.

Here are the steps:

- 1. Navigate to the XRDC Peripheral Config tab under the Rem\_Cm module in the project S32N5 RTU0 R52 0 VIP App.
- 2. Add a new configuration named FSS\_PIT as shown below. The visitor attribute will not take effect if OCIDR.NV is asserted, which is configured in the Fss\_Rem\_Pm module.
- 3. Navigate to the Domain Config tab.
- 4. Add RemCmPidacDomainConfig of FSS PIT to Domain 1 and enable its read and write permissions.
  - a. Open XRDC4 DOMAIN1 entry.
  - b. Navigate to the RemCmPidacDomainConfig tab.
  - c. Add an entry and link it to the Domain Peripheral Assignment of FSS\_PIT. Enable both read and write permissions.

Note: If a peripheral is never linked to any domain(without steps 3 and 4), it will deny all access attempts.

**Note:** If a peripheral requires access from multiple inner-cohort domains, you need to repeat Step 4 to configure each domain individually.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager



After completing these configurations and once RTU0\_R52\_0 finishes executing the Rem\_Cm\_Init function, the peripheral slot for FSS\_PIT can only be accessed by AID 2.1.

Both RTU0\_R52\_0 and RTU0\_R52\_2 are associated with AID 2.1, so these two initiators are allowed to access FSS\_PIT.

In contrast, RTU0\_R52\_3 is assigned to Domain 3. Therefore, its access to FSS\_PIT is denied by XRDC.

The corresponding slot-related register values are shown below.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 4.3 Share a peripheral between two cohorts

For a peripheral slot, only one outer-cohort visitor is allowed. In other words, if the cohort policy of the peripheral slot is not set to OVERRIDE, the peripheral can only be accessed by two cohorts at most.

The steps for enabling a visitor are listed below:

- 1. Deassert the NV attribute of the peripheral slot in the Fss Rem Pm module.
- 2. Enable the VEN attribute in the Rem Cm module.
- 3. Enable the VAID WP and VAID RP, depending on write and read access requirements.
- 4. Fill in the VCID and VDID fields to ensure that the corresponding initiator is granted access rights.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



In this example, the granted initiator is associated with AID 1.1, which means FSS\_PIT can be accessed by domain 1 of cohort 1.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager

## 5 How to assign the memory

#### 5.1 Share memory among all cohorts

There are two ways to share memory among all cohorts:

- 1. Ensure that all transactions match a slot that grants access to all cohorts.
- 2. Configure multiple slots to allow each cohort access individually.

In this section, the first method will be chosen to share memory across all cohorts. As previously mentioned, the slot with the lowest index—where the OCID or visitor CID matches the transaction CID and the address region bounds the transaction address—will be selected. Furthermore, if the Cohort Policy of the region associated with that slot is set to OVERRIDE, the slot will also be selected for all initiators. Therefore, it is preferable to choose the first memory slot that has the OVERRIDE attribute.

The goal is to: share RTU1.CRAM6 among all cohorts.

#### Steps are listed:

- 1. Navigate to the Cohorts configuration tab under the Fss\_Rem\_Pm module in the project Firmware\_S32N55\_FSS.
- Adaptions for RTU1.MIDAC.CRAM6 in Cohort 0. Go to SBC\_Cohort0->Subsystems configuration(RTU1)->MIDAC configuration(XRDC4\_MIDAC12)->Cohort regions configuration. Add a new entry for the region with below configurations:
  - a. Cohort region index: 0
  - b. Cohort region start address: 0x0
  - c. Cohort region end address: 0xFFFF FFFF
  - d. Cohort policy: OVERRIDE
- 3. Add a new entry for slot:
  - a. Slot index: 0
  - b. Cohort region select: 0
  - c. Domain start address: 0x3BE8\_0000
  - d. Domain end address: 0x3BFF\_FFFF
- 4. Remove the duplicate slot and region configuration for RTU1.MIDAC.CRAM6 from other cohort configuration pages.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 5.2 Share memory inside one cohort

This section demonstrates how to share memory within a single cohort. In the previous section, RTU1.CRAM6 was configured to be accessible by all initiators. First, the Cohort Policy for that configuration needs to be changed to NO\_OVERRIDE. After this change, RTU1.CRAM6 will only be accessible by Cohort 0 and will follow a set of XRDC rules. Finally, Cohort 2 (RTU0) will be granted a series of permissions to access RTU1.CRAM6.

#### 5.2.1 Share a memory among all domains

The objective is to grant Cohort 2 access to RTU1.CRAM6.

Steps are listed:

- Navigate to the Cohorts configuration tab under the Fss\_Rem\_Pm module in the project Firmware S32N55 FSS.
- 2. Change the Cohort Policy from OVERRIDE to NO OVERRIDE in Cohort 0.
- 3. After the change, RTU1.CRAM6 can only be accessed by Cohort 0.
- 4. Add permission of RTU1.CRAM6 to Cohort 2. Go to Cohorts configuration(RTU0\_AppCohort)-> Subsystems configuration(RTU1)->MIDAC configuration(XRDC4\_MIDAC12)->Cohort regions configuration. Add a new region entry:
  - a. Cohort region index: 2(In this case, due to the automatic update mechanism, Region 2 is assigned to Cohort 2.)
  - b. Cohort region start address: 0x0
  - c. Cohort region end address: 0xFFFF\_FFFF
  - d. Cohort policy: NO OVERRIDE
- 5. Add a new slot entry.
  - a. Slot index: 1

**Note:** The slot will automatically link to Region 2, as it belongs to Cohort 2. If Region 2 does not belong to Cohort 2, the slot becomes invalid.

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 5.2.2 Assign a memory to one or multiple domains

Based on the above configurations, all domains in Cohort 2 have the read and write permissions for RTU1.CRAM6. Next, we will demonstrate how to control memory access for different domains, while also narrowing down the accessible memory regions.

The goal is to grant the AID 2.1 to access the memory, and memory range narrowing down with 0x3BF0 0000~0x3BFF FFFF.

#### Steps are listed:

- 1. Navigate to the XRDC Memory Config tab under the Rem\_Cm module in the project S32N5\_RTU0\_R52\_0\_VIP\_App.
- 2. Add a new entry named with RemCmXrdcMemoryConfig RTU1 CRAM6:
  - a. Memory Region: RTU1\_Xrdc\_Axim\_Sram6\_Cram6
  - b. Slot index: 1

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

- c. Allow Update Address Range: asserted
- d. Cohort region select: 2
- e. Start Address: 0x3BF0 0000
- f. End Address: 0x3BFF\_FFFF
- g. RBP Enable: deasserted
- h. Allow Update Visitor Info: deasserted

**Note:** The selected region MUST be assigned to its own cohort, otherwise the slot will be excluded by deasserting SVLD.

- 1. Navigate to the Domain Config tab.
- 2. Add RemCmMidacDomainConfig to Domain 1 and enable its read and write permissions.
  - a. Open XRDC4\_DOMAIN1 entry.
  - b. Navigate to the RemCmMidacDomainConfig tab.
  - c. Add an entry and link it to the Domain Memory Assignment of RTU1.CRAM6. Enable both read and write permissions

Note: If a memory is never linked to any domain(without steps 3 and 4), it will deny all access attempts.

**Note:** If a memory requires access from multiple inner-cohort domains, you need to repeat Step 4 to configure each domain individually.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 5.3 Share memory between multiple cohorts

PIDAC provides only one method for sharing a peripheral between two cohorts, which is through the visitor mechanism. In contrast, there are two approaches to sharing memory across multiple cohorts. One method is to assign different slot entries to each cohort, and the other is to use the visitor mechanism associated with the slot.

Based on the previous configuration, the CRS core cannot access RTU1.CRAM6. In this section, we will demonstrate how to grant the CRS core access to RTU1.CRAM6 using the two approaches mentioned above.

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

## 5.3.1 The method of the multiple slot entry

The goal is to grant CRS access to RTU1.CRAM6 with address range 0x3BE8\_0000~0x3BEF\_FFFF and 0x3BF0\_0000~0x3BFF\_FFFF.

#### Steps are listed:

- 1. Navigate to the Cohorts configuration tab under the Fss\_Rem\_Pm module in the project Firmware S32N55 FSS.
- 2. Add permission of RTU1.CRAM6 to Cohort 1. Go to Cohorts configuration(RTU0\_AppCohort)-> Subsystems configuration(RTU1)->MIDAC configuration(XRDC4\_MIDAC12)->Cohort regions configuration. Add a new region entry:
  - a. Cohort region index: 1
  - b. Cohort region start address: 0x3BE8 0000
  - c. Cohort region end address: 0x3BEF FFFF
  - d. Cohort policy: NO\_OVERRIDE
- 3. Add a new slot entry.
  - a. Slot index: 2



#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



#### 5.3.2 The method of the visitor mechanism

After completing the configuration in the previous section, the CRS core can access RTU1.CRAM6 within the address range 0x3BE8\_0000 to 0x3BEF\_FFFF. Next, we will demonstrate how to share the address range 0x3BF0\_0000 to 0x3BFF\_FFFF using the visitor mechanism.

#### Steps are listed:

- 1. Navigate to the Fss\_Rem\_Pm module. Go to Cohorts configuration(RTU0\_AppCohort)-> Subsystems configuration(RTU1)->MIDAC configuration(XRDC4\_MIDAC12)->Cohort regions configuration(Cohort RegionConfig 0). Ensure that the "Cohort Region No Visitor" attribute is deasserted.
- 2. Navigate to the XRDC Memory Config tab under the Rem\_Cm module in the project S32N5\_RTU0\_R52\_0\_VIP\_App.
- 3. Modify the RemCmXrdcMemoryConfig\_RTU1\_CRAM6 entry:
  - a. Allow Update Visitor Info: asserted
  - b. Visitor Access CID: 0x1
  - c. Visitor Access DID: 0x1
  - d. Visitor enable: asserted
  - e. Visitor write permission: asserted
  - f. Visitor read permission: asserted

S32N55: Managing Isolation and XRDC Configuration via Domain Manager



When the CM of Cohort 2 completes the XRDC initialization by calling the Rem\_Cm\_Init() function, the CRS core is granted access to RTU1.CRAM6 within the address range 0x3BF0\_0000 to 0x3BFF\_FFFF via the visitor mechanism.



S32N55: Managing Isolation and XRDC Configuration via Domain Manager



## 6 Acronyms and abbreviations

Table 9. Acronyms and abbreviations

| Abbreviation | Explanation                          |
|--------------|--------------------------------------|
| UENV         | Uniform Environment                  |
| PM           | Partition Manager                    |
| СМ           | Cohort Manager                       |
| FSS          | Foundation Subsystem                 |
| PaCo         | Partition Contract                   |
| CoDef        | Cohort Definition                    |
| PIDAC        | Peripheral Identifier Access Control |
| MIDAC        | Memory Identifier Access Control     |
| AIDA         | Access ID assignment                 |
| AID          | Access Identifier                    |
| SBC          | System Base Cohort                   |

S32N55: Managing Isolation and XRDC Configuration via Domain Manager

#### 7 References

- S32N55 Reference Manual.pdf
- · FSS FW UserManual.pdf

#### 8 Note about the source code in the document

The example code shown in this document has the following copyright and BSD-3-Clause license:

Copyright 2025 NXP Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

- 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials must be provided with the distribution.
- 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

## 9 Revision history

Table 10. Revision history

| Document ID   | Release date | Description     |
|---------------|--------------|-----------------|
| AN14892 v.1.0 | 17 Dec 2025  | Initial release |

#### S32N55: Managing Isolation and XRDC Configuration via Domain Manager

## **Legal information**

#### **Definitions**

**Draft** — A draft status on a document indicates that the content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included in a draft version of a document and shall have no liability for the consequences of use of such information.

#### **Disclaimers**

Limited warranty and liability — Information in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors.

In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation - lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory.

Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors' aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP Semiconductors.

Right to make changes — NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.

Suitability for use — NXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer's own risk.

**Applications** — Applications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification.

Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer's sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer's applications and products planned, as well as for the planned application and use of customer's third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products.

NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer's applications or products, or the application or use by customer's third party customer(s). Customer is responsible for doing all necessary testing for the customer's applications and products using NXP Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer's third party customer(s). NXP does not accept any liability in this respect.

Terms and conditions of commercial sale — NXP Semiconductors products are sold subject to the general terms and conditions of commercial sale, as published at https://www.nxp.com/profile/terms, unless otherwise agreed in a valid written individual agreement. In case an individual agreement is concluded only the terms and conditions of the respective agreement shall apply. NXP Semiconductors hereby expressly objects to applying the customer's general terms and conditions with regard to the purchase of NXP Semiconductors products by customer.

**Export control** — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities.

Suitability for use in non-automotive qualified products — Unless this document expressly states that this specific NXP Semiconductors product is automotive qualified, the product is not suitable for automotive use. It is neither qualified nor tested in accordance with automotive testing or application requirements. NXP Semiconductors accepts no liability for inclusion and/or use of non-automotive qualified products in automotive equipment or applications.

In the event that customer uses the product for design-in and use in automotive applications to automotive specifications and standards, customer (a) shall use the product without NXP Semiconductors' warranty of the product for such automotive applications, use and specifications, and (b) whenever customer uses the product for automotive applications beyond NXP Semiconductors' specifications such use shall be solely at customer's own risk, and (c) customer fully indemnifies NXP Semiconductors for any liability, damages or failed product claims resulting from customer design and use of the product for automotive applications beyond NXP Semiconductors' standard warranty and NXP Semiconductors' product specifications.

**HTML publications** — An HTML version, if available, of this document is provided as a courtesy. Definitive information is contained in the applicable document in PDF format. If there is a discrepancy between the HTML document and the PDF document, the PDF document has priority.

**Translations** — A non-English (translated) version of a document, including the legal information in that document, is for reference only. The English version shall prevail in case of any discrepancy between the translated and English versions.

Security — Customer understands that all NXP products may be subject to unidentified vulnerabilities or may support established security standards or specifications with known limitations. Customer is responsible for the design and operation of its applications and products throughout their lifecycles to reduce the effect of these vulnerabilities on customer's applications and products. Customer's responsibility also extends to other open and/or proprietary technologies supported by NXP products for use in customer's applications. NXP accepts no liability for any vulnerability. Customer should regularly check security updates from NXP and follow up appropriately. Customer shall select products with security features that best meet rules, regulations, and standards of the intended application and make the ultimate design decisions regarding its products and is solely responsible for compliance with all legal, regulatory, and security related requirements concerning its products, regardless of any information or support that may be provided by NXP.

NXP has a Product Security Incident Response Team (PSIRT) (reachable at <a href="PSIRT@nxp.com">PSIRT@nxp.com</a>) that manages the investigation, reporting, and solution release to security vulnerabilities of NXP products.

**NXP B.V.** — NXP B.V. is not an operating company and it does not distribute or sell products.

#### **Trademarks**

Notice: All referenced brands, product names, service names, and trademarks are the property of their respective owners.

NXP — wordmark and logo are trademarks of NXP B.V.

AN14892

All information provided in this document is subject to legal disclaimers.

© 2025 NXP B.V. All rights reserved.

## S32N55: Managing Isolation and XRDC Configuration via Domain Manager

## **Tables**

| Tab. 1.<br>Tab. 2. | Inputs of FSS6 Inputs of FSS.eDMA7            | Tab. 6.<br>Tab. 7. | Details of Access Violation AlarmPIDAC Instance |    |
|--------------------|-----------------------------------------------|--------------------|-------------------------------------------------|----|
| Tab. 3.            | Inputs of FSS.COSS.eDMA7                      | Tab. 8.            | MIDAC Instance                                  |    |
| Tab. 4.            | Inputs of CRS.NETC7                           | Tab. 9.            | Acronyms and abbreviations                      |    |
| Tab. 5.            | AIDA Instance 8                               | Tab. 10.           | Revision history                                | 39 |
| Figur              | res                                           |                    |                                                 |    |
| Fig. 1.            | Application cohort diagram2                   | Fig. 18.           | Configuration for sharing a peripheral to       |    |
| Fig. 2.            | Subsystem diagram3                            |                    | one domain                                      | 26 |
| Fig. 3.            | Resource accessing5                           | Fig. 19.           | Registers of PIDAC when assigning a             |    |
| Fig. 4.            | AIDA engine diagram6                          |                    | peripheral to one domain                        | 27 |
| Fig. 5.            | Access process of PIDAC9                      | Fig. 20.           | Configuration for sharing a peripheral via a    |    |
| Fig. 6.            | Access process of MIDAC12                     |                    | visitor                                         | 27 |
| Fig. 7.            | Configuration for assigning the AID to CRS 14 | Fig. 21.           | Registers of PIDAC when assigning a             |    |
| Fig. 8.            | Registers of CRS.AIDA_CR16                    |                    | peripheral between two cohorts                  | 28 |
| Fig. 9.            | Configuration for assigning the AID to RTU17  | Fig. 22.           | Configuration for sharing memory among          |    |
| Fig. 10.           | Register of RTU0.AIDA_CR318                   |                    | all cohorts                                     | 29 |
| Fig. 11.           | Configuration of FSS.COSS.eDMA0 in FSS        | Fig. 23.           | Configuration for sharing memory inside         |    |
|                    | project19                                     |                    | one cohort in the Fss_Rem_Pm module             | 31 |
| Fig. 12.           | Configuration of FSS.COSS.eDMA0 in            | Fig. 24.           | Configuration for sharing memory inside         |    |
|                    | RTU0 project20                                |                    | one cohort in the Rem_Cm module                 | 32 |
| Fig. 13.           | Registers of FSS.XRDC_<br>AD.COSS.eDMA022     | Fig. 25.           | Registers of MIDAC when assigning a             |    |
|                    |                                               |                    | memory to one domain                            | 33 |
| Fig. 14.           | Configuration for sharing the peripheral      | Fig. 26.           | Configuration for sharing memory via the        |    |
|                    | among all cohorts22                           |                    | multiple slot entry                             | 34 |
| Fig. 15.           | Configuration for sharing a peripheral to all | Fig. 27.           | Registers of MIDAC for sharing memory via       |    |
| <b>-</b> : 40      | domains inside one cohort                     | F: 00              | the multiple slot entry                         | 35 |
| Fig. 16.           | PIDAC instance of FSS.PIT24                   | Fig. 28.           | Configuration for sharing memory via the        |    |
| Fig. 17.           | Registers of PIDAC when assigning a           | <b>-</b> : 00      | visitor mechanism                               | 37 |
|                    | peripheral to all domains in one cohort 24    | Fig. 29.           | Registers of MIDAC for sharing memory via       |    |
|                    |                                               |                    | the visitor mechanism                           | 37 |

## S32N55: Managing Isolation and XRDC Configuration via Domain Manager

## **Contents**

| 1      | Overview                                    | 2          |
|--------|---------------------------------------------|------------|
| 2      | Cohort concept and subsystem                | 2          |
| 2.1    | Uniform environment                         | 2          |
| 2.2    | Subsystems                                  | 3          |
| 2.3    | Software components                         | 3          |
| 2.3.1  | Partition manager                           |            |
| 2.3.2  | Cohort manager                              |            |
| 2.3.3  | Hypervisor                                  |            |
| 2.3.4  | EL2 monitor                                 |            |
| 2.3.5  | Virtual machine                             | 5          |
| 2.3.6  | SW resources allocation                     | 5          |
| 2.4    | Hardware components                         | 5          |
| 2.4.1  | AIDA                                        | 5          |
| 2.4.2  | PIDAC                                       | 9          |
| 2.4.3  | MIDAC                                       | 11         |
| 3      | How to assign the AID for an initiator      | 13         |
| 3.1    | How to assign the AID of AIDA_CR            | 13         |
| 3.1.1  | CRS                                         |            |
| 3.1.2  | RTU                                         |            |
| 3.2    | How to assign the AID of AIDA_AD            |            |
| 3.2.1  | eDMA                                        |            |
| 4      | How to assign the peripheral                |            |
| 4.1    | Share a peripheral among all cohorts        |            |
| 4.2    | Share a peripheral inside one cohort        |            |
| 4.2.1  | Share a peripheral slot to all domains      | 22         |
| 4.2.2  | Assign a peripheral slot to one or multiple |            |
|        | domains                                     |            |
| 4.3    | Share a peripheral between two cohorts      |            |
| 5      | How to assign the memory                    |            |
| 5.1    | Share memory among all cohorts              |            |
| 5.2    | Share memory inside one cohort              |            |
| 5.2.1  | Share a memory among all domains            | 30         |
| 5.2.2  | Assign a memory to one or multiple          |            |
|        | domains                                     |            |
| 5.3    | Share memory between multiple cohorts       |            |
| 5.3.1  | The method of the multiple slot entry       |            |
| 5.3.2  | The method of the visitor mechanism         |            |
| 6<br>- | Acronyms and abbreviations                  |            |
| 7      | References                                  | 39         |
| 8      | Note about the source code in the document  | 20         |
| 9      | Revision history                            | აყ         |
| J      | l egal information                          |            |
|        | EGUGI IIIIVIIIIGUVII                        | <b>+</b> V |

Please be aware that important notices concerning this document and the product(s) described herein, have been included in section 'Legal information'.