Abstract: To solve problems of trustworthiness of a single virtual computing node in cloud computing environment and the maintenance of trust relationship among multiple nodes during the migration process, based on trusted platform control module (TPCM), the trusted root of trusted computing technology in China, a method was proposed to construct a trusted virtual execution environment. By virtualizing the TPCM, the virtual trusted root was generated for each virtual computing node in the cloud, and the cloud trusted chain was transferred from the physical node to the virtual node. For the dynamic migration characteristics of cloud virtual computing nodes, based on multi-level certificate authority (CA), a mechanism for certificate generation and management suitable for virtual root migration was designed, and a virtual root dynamic trusted migration scheme was proposed, which guaranteed the maintenance of trust relationship among multiple nodes in the migration process. Experimental results show that the scheme proposed can construct a virtual trusted execution environment and realize the dynamic trusted migration of virtual trusted roots.