Abstract: Trusted computing is moving towards next-generation active protection and monitoring, which requires that the TPM/TCM be able to actively measure and intervene in the host system. Traditional TPM/TCM chips cannot meet this requirement, either architecturally or in their runtime mechanisms: a passive chip executes commands only when the host calls it. Trusted execution environment (TEE) technology provides an isolated execution environment together with the ability to access and control host resources at run time, which makes it a foundation for the next-generation TPM/TCM. Three main challenges remain, however: software architecture, secure storage, and secure communication. This study proposes the design and implementation of TZTCM (TrustZone-based trusted cryptography module), a TPM/TCM scheme built on ARM TrustZone. TZTCM adopts three key mechanisms to address these challenges. First, a non-uniform core assignment and asynchronous (NUCAA) system architecture dedicates cores to the module and decouples it from the host's execution flow, so that TZTCM can operate independently and actively rather than only on request. Second, a secure storage mechanism based on physical unclonable functions (PUF) protects the confidentiality of data held by TZTCM, so that secrets are bound to the device rather than stored in the clear. Third, a secure communication mechanism based on universally unique identifiers (UUID) protects the channel between the host and TZTCM against malicious activity. TZTCM therefore serves as a prototype of the next-generation TPM/TCM. Through theoretical analysis, the authors argue that TZTCM offers security equivalent to a hardware TPM/TCM chip. An instance of TZTCM is implemented on an ARM development board (HiKey 620), and runtime tests show that TZTCM achieves higher performance for cryptographic computation than traditional TPMs. Compared with current TPMs/TCMs, TZTCM has clear advantages in several respects: active safeguard capability, a software/firmware-only implementation, easy updating, and low power consumption.