Tags: arm, cortex-m, trustzone

ARM Cortex-M Trustzone (ab)use to isolate third party application


I am new to trustzone on the Cortex-M and am wondering if I can use it to isolate a third party application from a bunch of legacy code. The idea would be to move the legacy code with freertos into the secure side and then launch the third party application as non secure code. The alternative would be to use the MPU and use SVC to implement an API for the third party application (API code needs different MPU settings)

Now I have a few questions in this regard:

  1. Are there any advantages of using trustzone over using the MPU with SVC calls.
  2. From what I read, one is supposed to keep the code in trustzone to a minimum to minimize the attackable surface. What is a usual partitioning between secure/non secure?
  3. If I wanted to run threads in the secure and non secure side, how would I go about it? Would one run a single OS/Scheduler and provide an API to the third party side to launch threads, or would one run two OS instances (Since Systick, SVC, and SVCPend are banked this seems feasible, although I am unsure how the scheduling between the two OS's would work)?

Solution

  • I will reference two prior Q/A.

    The first points to two paradigms for using TrustZone; An API and a co-operative OS. The 2nd question is many nuances of getting a co-operative OS to work under TrustZone. It concentrates on a GIC which is a Cortex-A and not Cortex-M interrupt controller.

    Are there any advantages of using trustzone over using the MPU with SVC calls?

    So, obviously, if the system is using a co-operative (the secure OS is co-operative and the normal OS is oblivious) multi-tasking, only TrustZone can do this versus an MPU with SVC calls. If the API caller of the SVC is 'user mode' only, then there is no benefit. If the API caller has drivers and other functionality, trustzone allows safer and more secure operation.

    From what I read, one is supposed to keep the code in trustzone to a minimum to minimize the attackable surface. What is a usual partitioning between secure/non secure?

    The minimum. You ask what is the minimum? It depends on your system.

    If I wanted to run threads in the secure and non secure side, how would I go about it? Would one run a single OS/Scheduler and provide an API to the third party side to launch threads, or would one run two OS instances (Since Systick, SVC, and SVCPend are banked this seems feasible, although I am unsure how the scheduling between the two OS's would work)?

    This is a co-operative secure OS. Even the secure threads need to 'yield' to allow the normal OS to run. This can introduce weird delays in the normal world OS. If you can trust the normal world interrupt handlers, then it is much easier. However, some features like TZASC, and an IRQ watchdog may be needed for this case.


    These are the technical details. There is also a much larger effort to get TrustZone functional versus an MPU. There is a balance of performance as well. There are many system requirements which will alter the effort/performance for any particular system. If Trustzone were free to implement correctly, it would always be equivalent or better.
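The "API" paradigm the answer refers to is the place where the MPU+SVC design and the TrustZone-M design look most alike, and where both are most often broken: the secure (or privileged) side receives a pointer and a length from the third-party application and must not trust either. The following is an added example, not code from the question or the answer, showing a non-secure-callable gate on the Cortex-M secure side in both its unchecked and its hardened form. The real Cortex-M33 build is the `__ARM_FEATURE_CMSE` branch (compiled with `-mcmse`, where `cmse_check_address_range()` asks the SAU/IDAU and MPU whether the whole range is non-secure and readable); the `#else` branch is an assumed host model with a constructed 4 KiB "non-secure SRAM window" and a constructed secret so the same logic can be run off-target. The names `gate_checksum`, `legacy_checksum`, `g_ns_ram` and `g_secure_key` are all illustrative.

```c
/* Added example: a TrustZone-M secure-side API gate that validates a buffer
 * handed over by the non-secure caller. Not from the original post.
 * On target: secure image, arm-none-eabi-gcc -mcmse; the check is the real
 * cmse_check_address_range(). Off target: a host model of the same check. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECURE_MAX_RECORD 64   /* largest record the legacy service accepts */

/* Secure-world state the non-secure application must never be able to read
 * (constructed sample value: sixteen 0x11 bytes). */
static const uint8_t g_secure_key[16] = {
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
};

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2)
#include <arm_cmse.h>
#define NSC_ENTRY __attribute__((cmse_nonsecure_entry))
/* Real check: the whole [p, p+len) range must be non-secure per SAU/IDAU and
 * readable per the MPU; the function returns NULL otherwise. */
static int ns_readable(const void *p, size_t len)
{
    return cmse_check_address_range((void *)p, len, CMSE_NONSECURE | CMSE_MPU_READ) != NULL;
}
#else
#define NSC_ENTRY
/* Host model (assumption): one array stands in for the non-secure SRAM window;
 * anything outside it, including g_secure_key, counts as secure memory. */
static uint8_t g_ns_ram[4096];
static int ns_readable(const void *p, size_t len)
{
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)g_ns_ram;
    uintptr_t hi = lo + sizeof g_ns_ram;
    /* Overflow-safe: compare len against the room left, never compute a+len. */
    if (len == 0 || a < lo || a >= hi || len > hi - a)
        return 0;
    return 1;
}
#endif

/* The legacy service behind the gate: a byte sum standing in for whatever the
 * FreeRTOS-side legacy code does with the caller's data. */
static uint32_t legacy_checksum(const uint8_t *buf, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++)
        s += buf[i];
    return s;
}

/* Vulnerable gate: trusts the pointer. The non-secure side can pass a secure
 * address and learn a function of secure memory (here, the key's byte sum). */
NSC_ENTRY long gate_checksum_unchecked(const uint8_t *buf, size_t len)
{
    return (long)legacy_checksum(buf, len);
}

/* Hardened gate: bound the length, prove the range is non-secure and readable,
 * copy to secure stack, then operate only on the copy. The copy matters because
 * non-secure interrupt handlers can preempt secure code and rewrite the buffer
 * between the check and the use. Returns -1 on rejection. */
NSC_ENTRY long gate_checksum(const uint8_t *buf, size_t len)
{
    uint8_t local[SECURE_MAX_RECORD];
    if (len == 0 || len > sizeof local)
        return -1;
    if (!ns_readable(buf, len))
        return -1;
    memcpy(local, buf, len);
    return (long)legacy_checksum(local, len);
}

#if !(defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2))
#include <stdio.h>
int main(void)
{
    memset(g_ns_ram, 0, sizeof g_ns_ram);
    g_ns_ram[0] = 1; g_ns_ram[1] = 2; g_ns_ram[2] = 3; g_ns_ram[3] = 4;
    printf("NS buffer, hardened  : %ld\n", gate_checksum(g_ns_ram, 4));
    printf("secure key, hardened : %ld\n", gate_checksum(g_secure_key, sizeof g_secure_key));
    printf("secure key, unchecked: %ld\n", gate_checksum_unchecked(g_secure_key, sizeof g_secure_key));
    return 0;
}
#endif
```

On target the entry functions must be non-static and the secure image is linked with the toolchain's CMSE import library option so the linker emits the SG veneers into the NSC region; the non-secure application links against that import library and calls `gate_checksum` like any other function. The same two rules (validate the range, copy before use) apply unchanged to the SVC-based alternative, where the check becomes an MPU-region test instead of a SAU/IDAU one.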