ARM TrustZone. It controls access to various hardware. Other software, including the kernel and baseband, isn't supposed to be able to even observe its state. There's a base set of functions which handset vendors can add to. Of course, it has vulnerabilities too.
I haven't heard of any process hardening going on though. Do you have a source for that? I want to learn more about it.