I have read in one ARM document
The TrustZone Address Space Controller (TZASC) is an AXI component which partitions its slave address range into a number of memory regions. The TZASC can be programmed by Secure software to configure these regions as Secure or Non-secure,and will reject Non-secure transactions to a region that is configured as Secure.
In the highlighted statement it is written that "secure software" will we configuring TZASC.
I want to know that if secure software also includes "Trusted OS" or only Code running in EL3/monitor mode can configure the TZASC.
Thanks
Sahil
Secure software typically implies any software running in secure world. It could be EL3 monitor code, or Secure EL1(Trusted OS) or even Secure EL0(Trusted Apps) that configure the TZASC. The TZASC is unaware of exception levels(EL's) and only cares about the NS bit. So any transaction that is tagged with NS=0 should be able to configure the TZASC. Typically, all secure software accesses to controllers such as TZASC will be tagged as NS=0.
To answer your question directly, secure software also includes Trusted OS and not only code running in EL3/Monitor mode, and they can all configure the TZASC.