- ARM TrustZone provides security extensions that create two virtual worlds: a normal world and a secure world. The secure world is meant to protect sensitive assets from the normal world using isolation.
- Common mistakes made by developers include missing or incorrect verification of data at security boundaries, enabling debug functionality in release builds, and time-of-check/time-of-use vulnerabilities.
- Public vulnerabilities have been found in the TrustZone implementations of various vendors, including issues in Huawei TrustedCore that allowed arbitrary writes to memory and Qualcomm QSEE that allowed zeroing out writable memory.
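
The sketch below shows how a secure-world handler can avoid two of the mistakes listed above: unverified data at the world boundary, and time-of-check/time-of-use on shared memory. It is an added example, not code from any vendor's implementation. The memory map (`NS_BASE`, `NS_SIZE`), the `ns_req` layout and the function names are assumptions made for illustration.

```c
#include <stdint.h>

/* Assumed memory map for illustration: one window of non-secure RAM. */
#define NS_BASE 0x80000000u
#define NS_SIZE 0x10000000u
#define MAX_LEN 64u

/* Request as the normal world lays it out in shared memory (hypothetical). */
struct ns_req {
    uint32_t len;               /* normal-world controlled, may change at any time */
    uint8_t  data[MAX_LEN];
};

/* Boundary check: 1 only if [addr, addr+size) lies wholly in non-secure RAM.
 * Written with subtraction so that addr + size can never wrap around. */
int ns_range_ok(uint32_t addr, uint32_t size)
{
    if (size == 0 || size > NS_SIZE || addr < NS_BASE)
        return 0;
    return (addr - NS_BASE) <= (NS_SIZE - size);
}

/* Secure-world handler. 'addr' is the address the normal world passed in;
 * 'shared' is that same memory as mapped into the secure world.
 * Returns the number of bytes copied, or -1 if the request is rejected. */
int handle_req(uint32_t addr, const volatile struct ns_req *shared,
               uint8_t *priv, uint32_t priv_cap)
{
    if (!ns_range_ok(addr, (uint32_t)sizeof(struct ns_req)))
        return -1;              /* pointer could alias secure memory */

    uint32_t len = shared->len; /* single fetch: snapshot before checking */
    if (len > MAX_LEN || len > priv_cap)
        return -1;

    /* Use the validated local 'len', never shared->len again (TOCTOU). */
    for (uint32_t i = 0; i < len; i++)
        priv[i] = shared->data[i];
    return (int)len;
}
```

Checking `shared->len` and then reading it a second time for the copy would let the normal world change the value between the two reads, which is why the handler works only from its private snapshot.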