In the embodiment I've seen, it's a ARM M-class core with some special crypto hardware and certain registers that allow the use of crypto keys without software running on the core ever seeing the key. There's a communication channel to the rest of the system, which is completely OS-agnostic.

In Azure Sphere, Windows is nowhere in sight. The device runs a Linux Kernel.