Reputation: 1
Background:
On some microcontrollers memory is split into PMEM (program memory) and DMEM (data memory), with only PMEM being executable (e.g. instructions can't even be fetched from DMEM). PMEM can be changed at runtime, e.g. for updates, but that is relatively seldom and can be easily monitored. This is useful to e.g. prevent time-of-check-time-of-use attacks for attestation.
Question:
My question is how/if it is possible to adapt this to unified memory so that I get notified when there are changes to the executed code (e.g. by a malicious actor)?
So while there is one unified memory, some part/address range should store the program, and only that memory range should be used for instructions.
Basically, if the program-memory part is being written to/changed I want to get notified, and if some part other than the program-memory part is somehow getting executed, I also want to get notified.
Is that possible on e.g. common ARM platforms or similar (especially without operating system support)?
(Like one could write code that checks the processor's signals for whether it's currently writing and whether it's writing to a predefined area, right?
With that technology could someone limit executing to the predefined area?
Could that maybe be done using a Trusted Execution Environment (e.g. keeping part of the code there or checking from there the other parts)?
And would that likely have a very high overhead?)
Edit: So from reading around it seems like ARM TrustZone (a trusted execution environment) splits the memory into a secure and a normal/non-secure area, and the secure area supports setting the MPU while the system is running, with the MPU offering to set some parts of the memory as read-only and/or non-executable.
Could one then just set the program itself as read-only while there is no update, and the rest of the memory as non-executable, right?
Then one could e.g. take a measurement just at the beginning, but still be sure that at least the code isn't changed (although it wouldn't fully prevent e.g. return-oriented programming stringing together gadgets)?
Further background:
E.g. this paper (On the TOCTOU Problem in Remote Attestation) seems to describe monitoring the signals W_en (= whether the MCU is writing to memory), D_addr (= address of an MCU memory access), DMA_addr (= memory address being accessed by DMA, if any), and DMA_en (= signals that DMA is currently accessing memory) to detect changes to the attested range (AR) of the memory.
Upvotes: 0
Views: 29
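As an added illustration of the MPU approach the edit describes (a constructed example, not code from the question or from the cited paper): on an ARMv7-M Cortex-M3/M4 the program region is made read-only and executable, RAM and the peripheral window are made non-executable, and any violation raises a MemManage fault whose status register says whether the event was an instruction fetch outside the program region or a forbidden data access such as a store into the program region. The 0x08000000/0x20000000 bases and sizes are placeholders; the register addresses and bit positions are those of the ARMv7-M architecture.

```c
/* Constructed example (not from the question or the cited paper): ARMv7-M MPU setup that
 * leaves only the program region executable (and read-only), marks RAM and peripherals XN,
 * and decodes the MemManage fault used as the "notification". Addresses are placeholders. */
#include <stdint.h>
/* Register block at 0xE000ED90 on the target; a plain struct stands in for it on a host */
struct mpu_regs { volatile uint32_t TYPE, CTRL, RNR, RBAR, RASR; };
static struct mpu_regs host_mpu;            /* on target: (struct mpu_regs *)0xE000ED90 */
#define RASR_ENABLE (1u << 0)
#define RASR_XN     (1u << 28)   /* execute-never */
#define AP_RW       (3u << 24)   /* read/write, privileged and unprivileged */
#define AP_RO       (6u << 24)   /* read-only, privileged and unprivileged */
#define CTRL_ENABLE (1u << 0)    /* no PRIVDEFENA: anything unmapped faults, even privileged */

/* RASR: SIZE field is log2(bytes) - 1; memory-type bits (TEX/C/B/S) omitted for brevity */
uint32_t mpu_rasr(unsigned log2_size, uint32_t ap, int executable)
{
    return RASR_ENABLE | ((log2_size - 1u) << 1) | ap | (executable ? 0u : RASR_XN);
}

/* RBAR: size-aligned base, VALID bit (4) plus region number, so RNR need not be written */
uint32_t mpu_rbar(uint32_t base, unsigned region)
{
    return (base & ~0x1Fu) | (1u << 4) | (region & 0xFu);
}

/* Region 0: program RO+X. Region 1: RAM RW+XN. Region 2: peripheral window RW+XN. */
int mpu_configure_wx(struct mpu_regs *mpu, uint32_t code_base, unsigned code_log2,
                     uint32_t ram_base, unsigned ram_log2)
{
    if (code_log2 < 5 || code_log2 > 31 || ram_log2 < 5 || ram_log2 > 31) return -1;
    if ((code_base & ((1u << code_log2) - 1u)) || (ram_base & ((1u << ram_log2) - 1u)))
        return -1;                           /* MPU regions must be aligned to their size */
    mpu->CTRL = 0;                           /* disable while reprogramming */
    mpu->RBAR = mpu_rbar(code_base, 0);    mpu->RASR = mpu_rasr(code_log2, AP_RO, 1);
    mpu->RBAR = mpu_rbar(ram_base, 1);     mpu->RASR = mpu_rasr(ram_log2, AP_RW, 0);
    mpu->RBAR = mpu_rbar(0x40000000u, 2);  mpu->RASR = mpu_rasr(29, AP_RW, 0);
    mpu->CTRL = CTRL_ENABLE;  /* on target also set SHCSR.MEMFAULTENA (0xE000ED24 bit 16) */
    return 0;
}

/* MemManage_Handler reads CFSR (0xE000ED28): IACCVIOL = instruction fetch outside the
 * executable region, DACCVIOL = forbidden data access (e.g. a store into the RO program
 * region); when MMARVALID (bit 7) is set, MMFAR (0xE000ED34) holds the faulting address. */
enum mm_event { MM_NONE, MM_EXEC_OUTSIDE_CODE, MM_DATA_VIOLATION };
enum mm_event mmfsr_classify(uint32_t cfsr)
{
    if (cfsr & 0x01u) return MM_EXEC_OUTSIDE_CODE;
    if (cfsr & 0x02u) return MM_DATA_VIOLATION;
    return MM_NONE;
}
```

On most Cortex-M parts flash is programmed through a separate flash-controller peripheral, so the read-only attribute blocks direct stores into the program range but the update path itself still needs its own guarding. The MPU also only checks the core's own accesses, so DMA into the program region is not caught this way, which is why the cited paper monitors DMA_addr and DMA_en separately.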