The TF-M Crypto service implements access control for keys based on partition ID. This should be validated by a test that creates a key from one partition and then verifies that attempting to use the same key from a different partition does not succeed.