A TEE implementation such developed in ARM trustzone OS is a carved out partition isolated from the main OS.
What makes such a TEE secure? Is it the fact that the TEE is accessible only through a small controlled aperture to the processes running in main OS provides?
If somebody runs a full blown OS such as linux kernel as TEE OS, will it become insecure since that linux kernel has large codebase and hence more potential vulnerabilities?
TEE is secure mainly because of the key store is placed directly on the CPU and access to it is limited to security functions of the CPU (SoC). Also, the memory is spitted in between secure and non-secure world. Additionally, the trusted boot is ensured which makes impossible to run another than trusted code on the CPU (SoC). And as you correctly stated, there are various isolation zones making sure the running code can't be hacked somehow.
As far as I know the linux kernel does not support trust zone fully. Also, you would need some trust friendly kernel loader. It would be hard to get it work I would say.
