The secure element can be on the same CPU die as Apple does with the SEP but a device with only TrustZone wouldn't meet the requirements. It also needs to be a high quality implementation providing the expected features.