How to schedule Secure/Normal kernels in TrustZone implementation?

I read TZ whitepaper. TZ's software architecture includes normal OS, secure OS, and a monitor that manages switching between two OS. The notion is clear. But how to implement them confuses me.

Running and managing two kernels on a SoC needs mechanism that scheduling two kernels. So we need a hypervisor to hold two kernels? Is it monitor's responsibility?

More questions in this forum