started with Armv9 (2021), ARM Confidential Compute Architecture (CCA) extends the Arm architecture by a new Trusted Execution Environment called realm. A realm is dynamically managed by untrusted software, but preserves the confidentiality and integrity of its contents through a combination of hardware and software mechanisms. memory can be encrypted but it is not default. TLDR you can run code in realm that are isolated from the rest of the system[1]