In modern embedded security architectures, the Trusted Execution Environment (TEE) serves as the fundamental tool for isolation, ensuring that critical assets in applications like Electric Vehicles (EVs) and robotics remain protected from compromised software. However, restricted by current RISC-V specifications for MCUs, implementing this isolation typically imposes a severe penalty on real-time performance due to the prolonged software prologue required for context switching. To resolve this, we present a lightweight 2-mode (M-mode and U-mode) secure-domain-aware RISC-V MCU architecture designed for security-sensitive, real-time applications. This architecture introduces a hardware-managed "Trusted State" (TS) used to dynamically filter valid enhanced Physical Memory Protection (ePMP) entries in U-mode. To eliminate register preservation overhead, the MCU features a dedicated "Snapshot Buffer" for every General Purpose Register (GPR) and Control and Status Register (CSR) subject to backup. Crucially, the hardware captures the execution context into this buffer in a single cycle, allowing the CPU to immediately begin executing the Interrupt Service Routine (ISR). The captured data is then pushed to an SP-based Data Local Memory (DLM) via a 128-bit wide data-path in the background. By overlapping this memory write with the ISR's preamble execution, this design effectively hides the context save time, ensuring the system is seamlessly prepared for nested interrupts. This architecture guarantees hardware-enforced isolation while satisfying the real-time requirement.