MCUs with hardware-enforced security partitioning — primarily Cortex-M33/M35P/M55/M85 with Arm TrustZone-M, plus similar mechanisms in RISC-V (PMP/sPMP). Enables secure/non-secure world separation for cryptographic key storage, secure boot, and Trusted Firmware-M services. Pairs directly with EU CRA security requirements.
For any new CRA-relevant product, pilot a TrustZone-M-enabled MCU early in the architecture phase to surface the partitioning constraints before they become last-minute pain. Use TF-M as the starting point for secure services rather than rolling your own.
Pairs with #24 EU CRA Compliance, #4 DevSecOps, and #50 MCUboot. PSA Certified attestation is becoming a market requirement for connected products. Why Pilot and not Deploy? The silicon and TF-M reference stack are mature (Cortex-M33 has shipped since 2018), but day-to-day configuration — IDAU/SAU/MPC partitioning, NS-callable veneers, secure/non-secure attribution — still trips teams up, and vendor IDE and SDK support varies sharply. Most embedded teams in 2026 have not yet shipped a TrustZone-M project. Expect this entry to move to Deploy in the next 12–18 months as the EU CRA enforcement deadline (Dec 2027) approaches and vendor tooling stabilizes.