Explain ARM TrustZone architecture and its applications.
Answer
ARM TrustZone provides hardware-enforced isolation between a Secure world and a Non-secure (Normal) world on the same processor, which is the basis for building a Trusted Execution Environment (TEE) next to the rich OS.

Architecture (Cortex-A):
- Each physical core time-slices between the two worlds, so software sees two "virtual" processors that share the same pipeline, caches and memory bus.
- The NS bit in the Secure Configuration Register (SCR, or SCR_EL3 on AArch64) records the current security state; the Secure Monitor sets it when switching worlds, and hardware propagates it as a security attribute on every memory and peripheral access.
- The Secure Monitor (firmware at EL3 on AArch64, for example Arm Trusted Firmware-A) performs world switches. The Normal world enters it with the SMC instruction, passing a function ID that identifies the requested service (PSCI, SiP service, trusted OS call).
- Memory and peripherals are partitioned with address-space and protection controllers (TZASC, TZPC and similar), so Secure-only memory is simply invisible to Non-secure accesses.
- The GIC assigns each interrupt to a world (Group 0 for Secure, Group 1 for Non-secure), so secure interrupts can be taken without the rich OS seeing them.

TrustZone-M (Cortex-M):
- A simpler design for microcontrollers with no Secure Monitor and no hypervisor: the SAU and IDAU mark memory as Secure, Non-secure or Non-secure-callable (NSC).
- Non-secure code may only enter the Secure side through secure gateway veneers placed in NSC memory, each beginning with the SG instruction; Secure code returns or calls out with BXNS/BLXNS, clearing registers so Secure state does not leak.

Applications:
- Secure boot and authenticated firmware update.
- Cryptographic key storage and operations (keys never leave the Secure world).
- DRM content protection.
- Secure payment processing.
- Biometric data handling.
- Trusted UI for PIN entry.

Implementations: OP-TEE (open-source TEE OS) and proprietary TEEs such as Qualcomm QTEE or Trustonic Kinibi. Rich-OS applications reach trusted applications through the GlobalPlatform TEE Client API. The Secure world runs a minimal, audited TEE OS while the rich OS handles everything else; because every protection depends on that TEE, a bug in a trusted application or the TEE kernel undermines the whole design, which is why the secure side must stay small.
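The following is an added example, not code from the original answer or from any TEE project: it shows how the Normal world names a secure service when it executes SMC, by encoding an SMC Calling Convention (SMCCC) function ID, and how a Secure Monitor validates and routes such an ID. The ID layout, owning-entity numbers and the PSCI IDs (0x84000000, 0xC4000003) are as defined by the SMCCC and PSCI specifications; the dispatcher and its handlers are a host-side simulation of the monitor's routing logic, and the version numbers and the trusted-OS function number 4 it accepts are assumptions. No SMC instruction is executed.

```c
/*
 * Added example: SMCCC function-ID encoding plus a simulated Secure
 * Monitor dispatcher. Runs on any host; the handler return values are
 * assumed, the bit layout and well-known IDs are from the SMCCC/PSCI specs.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SMCCC function ID layout: a 32-bit value passed in w0/r0 with SMC. */
#define SMCCC_FAST_CALL   (1u << 31)     /* bit 31: 1 = fast, 0 = yielding  */
#define SMCCC_SMC64       (1u << 30)     /* bit 30: 1 = SMC64, 0 = SMC32    */
#define SMCCC_OEN_SHIFT   24             /* bits 29:24: owning entity number */
#define SMCCC_OEN_MASK    0x3Fu
#define SMCCC_SBZ_MASK    0x00FF0000u    /* bits 23:16: must be zero        */
#define SMCCC_FUNC_MASK   0x0000FFFFu    /* bits 15:0: function number      */

/* Owning Entity Numbers (OEN) defined by SMCCC. */
enum smccc_oen {
    OEN_ARM_ARCH   = 0,   /* SMCCC_VERSION, SMCCC_ARCH_FEATURES, ...     */
    OEN_CPU        = 1,
    OEN_SIP        = 2,   /* silicon partner service                     */
    OEN_OEM        = 3,
    OEN_STD_SECURE = 4,   /* standard secure services, e.g. PSCI         */
    OEN_STD_HYP    = 5,
    OEN_VENDOR_HYP = 6,
    OEN_TA_FIRST   = 48,  /* 48..49: trusted applications                */
    OEN_TOS_FIRST  = 50,  /* 50..63: trusted OS (OP-TEE uses 50)         */
    OEN_TOS_LAST   = 63,
};

#define SMCCC_RET_NOT_SUPPORTED (-1)

struct smccc_id {
    bool fast, smc64;
    unsigned oen, func;
};

/* Build a function ID the way a rich-OS driver does before issuing SMC. */
uint32_t smccc_func_id(bool fast, bool smc64, unsigned oen, unsigned func)
{
    uint32_t id = 0;
    if (fast)  id |= SMCCC_FAST_CALL;
    if (smc64) id |= SMCCC_SMC64;
    id |= (oen & SMCCC_OEN_MASK) << SMCCC_OEN_SHIFT;
    id |= func & SMCCC_FUNC_MASK;
    return id;
}

/* Decode an ID; reject it if the reserved (SBZ) bits are set. */
bool smccc_decode(uint32_t id, struct smccc_id *out)
{
    if (id & SMCCC_SBZ_MASK)
        return false;
    out->fast  = (id & SMCCC_FAST_CALL) != 0;
    out->smc64 = (id & SMCCC_SMC64) != 0;
    out->oen   = (id >> SMCCC_OEN_SHIFT) & SMCCC_OEN_MASK;
    out->func  = id & SMCCC_FUNC_MASK;
    return true;
}

/* Simulated PSCI handler (OEN 4). The version reported is assumed (1.1). */
static int64_t psci_handler(const struct smccc_id *c)
{
    switch (c->func) {
    case 0:  return (1 << 16) | 1;   /* PSCI_VERSION: major << 16 | minor */
    case 3:  return 0;               /* CPU_ON: PSCI_SUCCESS (simulated)  */
    default: return SMCCC_RET_NOT_SUPPORTED;
    }
}

/* Simulated trusted-OS handler: accepts only the yielding SMC32 call with
 * function number 4 (assumed, modelled on a TEE driver's "call with arg"). */
static int64_t tos_handler(const struct smccc_id *c)
{
    if (!c->fast && !c->smc64 && c->func == 4)
        return 0;                    /* delivered to the TEE (simulated)  */
    return SMCCC_RET_NOT_SUPPORTED;
}

/* Secure Monitor dispatch: validate the ID, then route by owning entity.
 * Anything not explicitly handled is refused, never forwarded blindly. */
int64_t monitor_dispatch(uint32_t fn_id)
{
    struct smccc_id c;
    if (!smccc_decode(fn_id, &c))
        return SMCCC_RET_NOT_SUPPORTED;
    if (c.oen == OEN_ARM_ARCH && c.fast && c.func == 0)
        return (1 << 16) | 1;        /* SMCCC_VERSION 1.1 (assumed)        */
    if (c.oen == OEN_STD_SECURE && c.fast)
        return psci_handler(&c);
    if (c.oen >= OEN_TOS_FIRST && c.oen <= OEN_TOS_LAST)
        return tos_handler(&c);
    return SMCCC_RET_NOT_SUPPORTED;
}

int main(void)
{
    uint32_t ids[] = {
        smccc_func_id(true,  false, OEN_STD_SECURE, 0),  /* PSCI_VERSION   */
        smccc_func_id(true,  true,  OEN_STD_SECURE, 3),  /* CPU_ON (SMC64) */
        smccc_func_id(false, false, OEN_TOS_FIRST,  4),  /* trusted OS call*/
        0x84FF0000u,                                     /* SBZ bits set   */
    };
    for (unsigned i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("fn_id 0x%08lx -> %lld\n", (unsigned long)ids[i],
               (long long)monitor_dispatch(ids[i]));
    return 0;
}
```

The point to take from the dispatcher is the monitor's posture: it decodes every ID itself, refuses malformed ones, and routes by owning entity to a handler that again whitelists function numbers, so the Normal world can never reach a secure service that was not deliberately exposed.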