Using the latest STM32CubeIDE, STM32CubeH5 and NUCLEO-H563ZI with TrustZone disabled.
I put a breakpoint at the first instruction in startup in Reset_Handler. The debugger shows in SFRs, SCB->VTOR_S is 0x8000000 (which is my NSBOOTADD) and SCB->VTOR_NS is 0.
Cortex M-33 TRM says "If the Arm®v8‑M Security Extension is not included all exceptions are Non-secure and only VTOR_NS is used to determine the vector base address.". H563 has Security Extensions implemented but it is disabled. Is that why VTOR_S is used and not VTOR_NS ?
The document titled Arm TrustZone Technology for the Armv8-M Architecture says: "If the Security Extension is implemented, the system starts up in Secure state by default. If the Security Extension is not implemented, the system is always in Non-secure state.". This sounds like TrustZone enable/disable is equivalent to Security Extension implemented/not-implemented, then VTOR_NS should be used.
I have not checked this with an L5 board yet, but in STM32L5 Boot presentation, there is a diagram showing NSBOOTADD connected to INITVTOR, and SECBOOTADD connected to INITVTOR_S. If NSBOOTADD is loaded through INITVTOR, I was expecting it is loading VTOR_NS not VTOR_S.
Or.. is this only a display issue in the IDE ? When TrustZone is disabled, it should not show banked registers but only one register, e.g. VTOR instead of VTOR_S and VTOR_NS. (VTOR is actually the name of the register in the ARMv8-M Arch. Ref. Manual). Naturally, this is not only related to VTOR but all banked registers.