We present a system architecture for trusted transactions in highly sensitive environments. This architecture takes advantage of techniques provided by the Trusted Computing Group (TCG) to attest the system state of the communication partners, to guarantee that the system is free of malware and that its software has not been tampered with. To achieve meaningful attestation, virtualization is used to establish several different execution environments. The attestation process is limited to a fragment of the software running on the platform, more specifically, to the part requesting access to sensitive data. The Trusted Platform Module (TPM) is virtualized, in order to make it accessible for an execution environment with a higher trust level.