Developers should implement and enable trusted execution if it is available on the device’s System-on-Chip (SoC) or CPU.
CWE-693: Protection Mechanism Failure: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-1233: Improper Hardware Lock Protection for Security Sensitive Controls: The product implements a register lock bit protection feature that permits security sensitive controls to modify the protected configuration.
OWASP Top 10 A6:2017-Security Misconfiguration: Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements.(C.5): Verify that trusted execution is implemented and enabled, if available on the device SoC or CPU.