Malware and rootkits are serious security threats, and they can be designed to resist anti-virus software or even to be totally undetectable. This paper describes a hierarchical trust management scheme in which the root of trust resides in a non-tamperable hardware co-processor on a PCI bus. The hardware checks the integrity of one part of the OS kernel, which in turn checks other parts, until the entire system is verified to be free of rootkits. The checker can be extended to encompass all applications and anti-virus software. Our system can detect illegal modifications to the kernel, loadable kernel modules and user applications. It also provides a secure communication line for user interaction to enable legal software updates. Our tests show that we can correctly detect different real-world and synthetic rootkits even when the host kernel is compromised.
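The hierarchical check described above can be modelled in a few lines. This is an added sketch, not the paper's implementation: the use of SHA-256, the dictionary layout and the component names are assumptions, and `root_ref` stands in for the reference value held by the co-processor. It shows that a modified module is flagged, and that forging the reference held by a compromised checker only moves the failure up to the level that measures that checker.

```python
import hashlib

def measure(node):
    """SHA-256 over a component's image plus the reference digests it holds."""
    h = hashlib.sha256(node["image"])
    for name, ref in sorted(node["refs"].items()):
        h.update(f"{name}={ref}".encode())
    return h.hexdigest()

def component(name, image, children=()):
    """Provision a component: record reference digests of the children it checks."""
    return {"name": name, "image": image, "children": list(children),
            "refs": {c["name"]: measure(c) for c in children}}

def verify(root_ref, top):
    """Walk down from the digest held by the root of trust; return failed names.
    The subtree under a failed checker is skipped: its references are untrusted."""
    failed, pending = [], [(root_ref, top)]
    while pending:
        expected, node = pending.pop()
        if measure(node) != expected:
            failed.append(node["name"])
            continue
        pending.extend((node["refs"].get(c["name"]), c) for c in node["children"])
    return failed

def build():
    """Constructed sample system; names and images are made up for illustration."""
    av = component("antivirus", b"av-binary-v1")
    lkm = component("net_module", b"lkm-code-v1")
    rest = component("kernel_rest", b"kernel-text-v1", [lkm, av])
    core = component("kernel_core", b"core-checker-v1", [rest])
    parts = {"antivirus": av, "net_module": lkm, "kernel_rest": rest}
    return measure(core), core, parts

if __name__ == "__main__":
    root_ref, core, parts = build()
    print("clean:", verify(root_ref, core))
    parts["net_module"]["image"] = b"lkm-code-v1+hook"  # modified module
    print("patched module:", verify(root_ref, core))
    # The reference held by the now-compromised checker is rewritten to match.
    parts["kernel_rest"]["refs"]["net_module"] = measure(parts["net_module"])
    print("patched module + forged reference:", verify(root_ref, core))
```

Because each checker's reference values are part of what its parent measures, the only reference that must be physically protected is the one at the top of the chain.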