I've been fixing a bunch of CMSE/TrustZone bugs in the Rust compiler lately, and we now have an RFC that should prepare the way for stabilization:
https://github.com/rust-lang/rfcs/pull/3884
TrustZone isolates code and memory that deal with secrets from other code, so some buggy C library won't leak your sensitive data.