Is it possible to use the MPU to configure the Peripheral Memory Space as Execute?
It looks possible via the MPU_RBAR.XN bit.
If this is the case, is it fair to say that TrustZone aware select gates need to monitor HPROT[0] or PPROT[2] and block the transaction if it is an instruction fetch?
by the way, for those interested, ARM does offer training on developing SW for TrustZone for ARMv8-M
https://developer.arm.com/support/training