The problem with TrustZone is that control of it always resides with a megacorp and never with the owner of the device. It's not that it isn't security at all, but rather that it's security against the owner.

The owner can control Trustzone if the device is shipped with unfused OTP registers.

On Raspberry Pi for example, you can write the hash of your own public key to locations 47-54 of the OTP memory block:

https://www.raspberrypi.com/documentation/computers/raspberr...

Here's the QuickStart for the entire process: https://github.com/raspberrypi/usbboot/blob/master/secure-bo...

Note that the Raspberry Pi does not have a full TrustZone implementation to protect secure mode memory, etc. But it is a widely available device with good documentation and allows developers to experiment with and learn about the basics of TrustZone architecture.

OTP and e-fuses are also evil. Devices should never be forced to become e-waste over them being set "wrong". There should always be a factory reset option that clears everything.

How do you propose patching security vulnerabilities in deployed devices?

Why would that require fuses? You store the firmware in flash, which can be updated to a newer version, restored to the original version or replaced entirely with third party firmware by the device's owner if the OEM fails to patch it, e.g. because they go out of business.