diff --git a/rtos/Thread.cpp b/rtos/Thread.cpp
index 70e20e3d12d..f43d39e3ec9 100644
--- a/rtos/Thread.cpp
+++ b/rtos/Thread.cpp
@@ -43,7 +43,11 @@ extern "C" void thread_terminate_hook(osThreadId_t id)
 
 namespace rtos {
 
-void Thread::constructor(osPriority priority,
+#ifndef MBED_TZ_DEFAULT_ACCESS
+#define MBED_TZ_DEFAULT_ACCESS   0
+#endif
+
+void Thread::constructor(uint32_t tz_module, osPriority priority,
         uint32_t stack_size, unsigned char *stack_mem, const char *name) {
 
     const uintptr_t unaligned_mem = reinterpret_cast<uintptr_t>(stack_mem);
@@ -60,11 +64,17 @@ void Thread::constructor(osPriority priority,
     _attr.stack_size = aligned_size;
     _attr.name = name ? name : "application_unnamed_thread";
     _attr.stack_mem = reinterpret_cast<uint32_t*>(aligned_mem);
+    _attr.tz_module = tz_module;
+}
+
+void Thread::constructor(osPriority priority,
+        uint32_t stack_size, unsigned char *stack_mem, const char *name) {
+    constructor(MBED_TZ_DEFAULT_ACCESS, priority, stack_size, stack_mem, name);
 }
 
 void Thread::constructor(Callback<void()> task,
         osPriority priority, uint32_t stack_size, unsigned char *stack_mem, const char *name) {
-    constructor(priority, stack_size, stack_mem, name);
+    constructor(MBED_TZ_DEFAULT_ACCESS, priority, stack_size, stack_mem, name);
 
     switch (start(task)) {
         case osErrorResource:
diff --git a/rtos/Thread.h b/rtos/Thread.h
index ce245dcc63d..43d9775c1d4 100644
--- a/rtos/Thread.h
+++ b/rtos/Thread.h
@@ -72,7 +72,16 @@ namespace rtos {
  * Memory considerations: The thread control structures will be created on current thread's stack, both for the mbed OS
  * and underlying RTOS objects (static or dynamic RTOS memory pools are not being used).
  * Additionally the stack memory for this thread will be allocated on the heap, if it wasn't supplied to the constructor.
+ *
+ * @note
+ * MBED_TZ_DEFAULT_ACCESS (default:0) flag can be used to change the default access of all user threads in non-secure mode.
+ * MBED_TZ_DEFAULT_ACCESS set to 1, means all non-secure user threads have access to call secure functions.
+ * MBED_TZ_DEFAULT_ACCESS set to 0, means none of the non-secure user thread have access to call secure functions,
+ * to give access to particular thread used overloaded constructor with `tz_module` as argument during thread creation.
+ *
+ * MBED_TZ_DEFAULT_ACCESS is target specific define, should be set in targets.json file for Cortex-M23/M33 devices.
  */
+
 class Thread : private mbed::NonCopyable<Thread> {
 public:
     /** Allocate a new thread without starting execution
@@ -81,14 +90,36 @@ class Thread : private mbed::NonCopyable<Thread> {
       @param   stack_mem      pointer to the stack area to be used by this thread (default: NULL).
       @param   name           name to be used for this thread. It has to stay allocated for the lifetime of the thread (default: NULL)
 
+      @note Default value of tz_module will be MBED_TZ_DEFAULT_ACCESS
       @note You cannot call this function from ISR context.
     */
+
     Thread(osPriority priority=osPriorityNormal,
            uint32_t stack_size=OS_STACK_SIZE,
            unsigned char *stack_mem=NULL, const char *name=NULL) {
         constructor(priority, stack_size, stack_mem, name);
     }
 
+    /** Allocate a new thread without starting execution
+      @param   tz_module      trustzone thread identifier (osThreadAttr_t::tz_module)
+                              Context of RTOS threads in non-secure state must be saved when calling secure functions.
+                              tz_module ID is used to allocate context memory for threads, and it can be safely set to zero for
+                              threads not using secure calls at all. See "TrustZone RTOS Context Management" for more details.
+      @param   priority       initial priority of the thread function. (default: osPriorityNormal).
+      @param   stack_size     stack size (in bytes) requirements for the thread function. (default: OS_STACK_SIZE).
+      @param   stack_mem      pointer to the stack area to be used by this thread (default: NULL).
+      @param   name           name to be used for this thread. It has to stay allocated for the lifetime of the thread (default: NULL)
+
+      @note You cannot call this function from ISR context.
+    */
+
+    Thread(uint32_t tz_module, osPriority priority=osPriorityNormal,
+           uint32_t stack_size=OS_STACK_SIZE,
+           unsigned char *stack_mem=NULL, const char *name=NULL) {
+        constructor(tz_module, priority, stack_size, stack_mem, name);
+    }
+
+
     /** Create a new thread, and start it executing the specified function.
       @param   task           function to be executed by this thread.
       @param   priority       initial priority of the thread function. (default: osPriorityNormal).
@@ -433,6 +464,11 @@ class Thread : private mbed::NonCopyable<Thread> {
                      uint32_t stack_size=OS_STACK_SIZE,
                      unsigned char *stack_mem=NULL,
                      const char *name=NULL);
+    void constructor(uint32_t tz_module,
+                     osPriority priority=osPriorityNormal,
+                     uint32_t stack_size=OS_STACK_SIZE,
+                     unsigned char *stack_mem=NULL,
+                     const char *name=NULL);
     static void _thunk(void * thread_ptr);
 
     mbed::Callback<void()>     _task;