At present, all secure services are run in unprivileged compartments at level 3 isolation.
PSA RoT services need not be limited to unprivileged execution.
Privileged access is needed for specific functionality that is at present mandated to TF-M Core as the only privileged entity but which could be implemented as PSA RoT services.
Enable privileged execution of PSA RoT services in isolation level 3 to avoid unnecessary limitations and unblock privileged PRoT service implementation at level 3 isolation.
Implementation note: PSA RoT service implementation should be limited to bare essentials that do require privileged execution. All other functionality that has no requirement for privileged access to system resources should as a general rule be implemented by unprivileged Application RoT servies.