Thanks, Michael and Torsten, for the links.
I think this clarifies for me how TrustZone is used. I was thinking the two L4 servers were the used, one in secure world and one in non-secure world. But looking at these papers and the vm-tz sample code referenced in the TUDOS paper my understanding now is that all the L4 servers run in secure world and the call to l4_vm_run launches Linux in the non-secure world from one of the L4 servers (the VMM in your paper, Torsten).
I was also thinking that L4Linux was run as the non-secure Linux via TrustZone but that was incorrect. L4Linux is for a paravirtualized security split while something like TZ-Linux is used for a full virtualized security split, with L4 as the "Hypervisor". Has TZ-Linux and its associated work been publicly released?
Thank you,