I am reading about ARM TrustZone. I read that when the Normal World wants a function from the Secure World, they raise an SMC exception, which makes a transfer to the Secure World. The thing that I did not understand is what prevents any malicious code from raising the SMC exception? If any unauthorized software can cause a transfer to the Secure World, then how is the secure world "secure"?
Answer 1:
Malicious software can transfer control to the secure world but is unable to manipulate the code in the secure world.
When normal world software requests a function from the secure world, the secure world is able to arbitrate whether to perform it or not.
Essentially, if malicious code has taken over the normal world, then its privileges cannot exceed what the normal world code would normally be able to do.
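The arbitration described in the answer above can be pictured as a secure-world dispatcher that treats every SMC argument as untrusted. This sketch is an added example, not part of the original answer or any real TrustZone firmware; the function IDs, return codes, and memory map are hypothetical values chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical values for illustration; not taken from any real platform. */
#define NS_RAM_BASE    0x80000000u  /* assumed start of normal-world RAM */
#define NS_RAM_SIZE    0x10000000u  /* assumed size: 256 MiB */
#define FN_GET_VERSION 0x1u
#define FN_SEAL_DATA   0x2u
#define MAX_SEAL_LEN   4096u

#define SMC_OK       0
#define SMC_UNKNOWN (-1)
#define SMC_DENIED  (-2)

/* Register values handed over by the normal-world caller; all untrusted. */
struct smc_args { uint32_t fid; uint64_t addr; uint64_t len; };

/* True only if [addr, addr+len) lies entirely inside normal-world RAM.
 * Written so that addr + len is never computed and cannot overflow. */
static int ns_range_ok(uint64_t addr, uint64_t len)
{
    if (len == 0 || len > NS_RAM_SIZE) return 0;
    if (addr < NS_RAM_BASE) return 0;
    return (addr - NS_RAM_BASE) <= (NS_RAM_SIZE - len);
}

/* Secure-world entry point: decides whether to perform each request. */
int smc_dispatch(const struct smc_args *a)
{
    switch (a->fid) {
    case FN_GET_VERSION:
        return SMC_OK;                 /* takes no caller-supplied pointer */
    case FN_SEAL_DATA:
        if (a->len > MAX_SEAL_LEN) return SMC_DENIED;
        /* Refuse buffers that could alias secure memory. */
        if (!ns_range_ok(a->addr, a->len)) return SMC_DENIED;
        /* A real service would now work on the validated buffer. */
        return SMC_OK;
    default:
        return SMC_UNKNOWN;            /* only allowlisted services exist */
    }
}
```

Any caller can reach `smc_dispatch`, but it can only obtain the services the dispatcher chooses to expose, on memory the normal world already owns.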