Your question switches from TPM to TrustZone midway. Those are different technologies, providing different functionality, with different security properties, and available on different (largely disjoint) sets of platforms. What they have in common is that both are computing environments that contain a secret key that's unique to the device they're attached to, and that is protected from the main operating system running on that device.
A TPM is a separate chip that provides a fixed set of services. One of these services is to protect a key at rest by wrapping it with a key that doesn't leave the TPM. To use this key in an application, the application needs to retrieve the key from the TPM, and at that point the key ends up within the main operating system. TPMs are pretty much exclusively found attached to x86 processors.
TrustZone (and associated technologies) provides an isolated environment running on the same processor as the device's main operating system. It's possible to use it to protect a key at rest, and also to protect a key at runtime if the key is manipulated by an application running in the TrustZone side of the processor (the trusted execution environment (TEE)). TrustZone is an ARM feature.
A TPM provides a key storage facility. Android provides this facility via the Keymaster service. On many recent Android phones, the Keymaster service is hardware-backed, running in the TrustZone secure world. But in the end the key needs to be retrieved by the application that uses it.
TrustZone potentially offers the additional functionality of running custom applications in the secure world. If you can do that, then you can have a key that doesn't leave the secure world.
Some very recent x86 processors have similar functionality called SGX. They allow applications to run in a context that's protected from the main operating system.
If you can deploy applications to TrustZone or SGX, the next problem is how to process the data that's encrypted or signed with the key. If that data is exchanged with a server using a secure channel then you may not need to trust the main operating system at all. The subsequent problem, for many applications, is how to establish a relationship with a specific device, i.e. provisioning. That tends to require a somewhat heavy infrastructure.
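As an added example (not code from the answer above), here is how an Android application asks the Keymaster-backed `AndroidKeyStore` provider for an AES key and then checks whether Keymaster reports that the key lives in secure hardware (the TrustZone TEE, or a StrongBox element on phones that have one). The key alias `demo-aes-key` is a hypothetical name chosen for the example. It assumes API level 23 or later for `KeyGenParameterSpec`; `KeyInfo.isInsideSecureHardware()` is deprecated from API 31 in favour of `getSecurityLevel()`, but still works.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;

import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class HardwareBackedKeyCheck {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "demo-aes-key"; // hypothetical alias for this example

    /** Ask the Keymaster-backed provider to generate an AES-256 key for GCM. */
    public static SecretKey generateKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .build();
        kg.init(spec);
        return kg.generateKey();
    }

    /** Reload a previously generated key by alias from the same provider. */
    public static SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null); // AndroidKeyStore takes no input stream
        return (SecretKey) ks.getKey(ALIAS, null);
    }

    /** True if Keymaster reports the key is held in secure hardware (TEE or StrongBox). */
    public static boolean isHardwareBacked(SecretKey key) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), ANDROID_KEYSTORE);
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);
        return info.isInsideSecureHardware();
    }

    /** Encrypt with the Keystore key; the GCM IV chosen by the provider is prepended to the ciphertext. */
    public static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key); // provider picks a fresh IV
        byte[] iv = cipher.getIV();
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] out = new byte[1 + iv.length + ciphertext.length];
        out[0] = (byte) iv.length; // length prefix so decrypt can split IV from ciphertext
        System.arraycopy(iv, 0, out, 1, iv.length);
        System.arraycopy(ciphertext, 0, out, 1 + iv.length, ciphertext.length);
        return out;
    }

    /** Example flow: generate (or reuse) the key, check where it lives, and use it once. */
    public static boolean demo() throws Exception {
        SecretKey key = loadKey();
        if (key == null) {
            key = generateKey();
        }
        boolean inHardware = isHardwareBacked(key);
        byte[] blob = encrypt(key, "hello".getBytes("UTF-8"));
        return inHardware && blob.length > 1;
    }
}
```

On a device whose Keymaster runs in the TrustZone secure world `isHardwareBacked()` returns true; on an emulator or a phone with a software-only Keymaster it returns false, which is the check an application should make before relying on the key being protected from the main operating system. On API 28 and later, `setIsStrongBoxBacked(true)` on the builder additionally requests a discrete secure element and throws `StrongBoxUnavailableException` if the device has none.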