Does the ARM TrustZone technology support sealing a private key under a code hash?
Yes and no.
Strictly speaking, TrustZone is only a processor feature that provides isolation between tasks via the MMU and the memory bus. You can think of it as a poor man's virtualization: there's just the hypervisor (the TZ secure world) and the regular operating system (the TZ normal world). This architecture allows sensitive data to be manipulated outside the reach of the regular OS, but there's a major hurdle: TrustZone in itself does not provide any way to store data. So you can create a key in the secure world but not store it anywhere.
All high-end ARM processors (such as found on most smartphones and tablets) have TrustZone (it's part of the core processor architecture), but it takes more to make it useful. Some processors include additional features that make TZ useful, in particular a way to store a key. This can take the form of some write-once memory (e.g. fuses, typically a few hundred bits thereof) that is only accessible to TZ secure world code. With a protected runtime environment plus a cryptographic key that is only known to this environment, you can build a TPM-like framework to store and manipulate confidential data including signature keys. The Trusted Computing Group is working on it.
This has been used in several mobile devices, though information (especially reliable information) is scarce. Microsoft's Surface RT tablet is based on an ARM processor and has no discrete TPM chip, but has a Bitlocker implementation that is based on a firmware-based TPM, apparently using TrustZone. Several Android devices by Motorola have security features that use code in TrustZone (of course, using a protected environment is no help if the code that you put there has security holes). You can find proposals for security architectures leveraging TrustZone both in ARM promotional literature and in academic publications.
So with TrustZone and a bit more, you can indeed build a system architecture where a key can be stored in a way that cannot be extracted through purely software means. Hardware means are another matter (unlike smartcards, smartphone processors are not designed to self-destruct when someone scrapes the wrapping of the package).