Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the identity of software, but provide no indication of the ongoing status of the system or its data. As a result, a number of significant vulnerabilities can result if the system is not configured and managed carefully. To improve the management of a system's integrity, we propose a Root of Trust Installation (ROTI) as a foundation for high integrity systems. A ROTI is a trusted system installer that also asserts the integrity of the trusted computing base software and data that it installs to enable straightforward, comprehensive integrity verification for a system. The ROTI addresses a historically limiting problem in integrity measurement: determining what constitutes a trusted system state in a heterogeneous, evolving environment. Using the ROTI, a high integrity system state is defined by its installer, thus enabling a remote party to verify integrity guarantees that approximate classical integrity models (e.g., Biba). In this paper, we examine what is necessary to prove the integrity of the trusted computing base (sCore) of a distributed security architecture, called the Shamon. We describe the design and implementation of our custom ROTI sCore installer and study the costs and effectiveness of binding system integrity to installation in the distributed Shamon. This demonstration shows that strong integrity guarantees can be efficiently achieved in large, diverse environments with limited administrative overhead.
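As an added illustration of binding integrity to installation (this is not the authors' sCore installer or any Shamon code; the file paths, file contents, and the HMAC key standing in for the installer's signing key are constructed assumptions), the following Python model has the installer record the trusted state it creates and a verifier judge later measurements only against that record:

```python
"""Toy model of a ROTI: the installer defines the trusted state, the verifier
checks measured files against it (added example, not the paper's code)."""
import hashlib
import hmac
import json

# Constructed sample: the TCB files the installer lays down (path -> bytes).
INSTALLED_TCB = {
    "/boot/vmlinuz": b"kernel image (constructed)",
    "/sbin/init": b"init binary (constructed)",
    "/etc/policy": b"mac policy (constructed)",
}
# Assumption: a key the verifier trusts as belonging to the installer; it
# stands in for the installer's real signing key / TPM-backed quote.
ROTI_KEY = b"installer-key-constructed"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def roti_install(files: dict, key: bytes) -> dict:
    """Install the TCB and emit its integrity record: a hash per installed
    file, authenticated so that only the installer can define the state."""
    manifest = {path: sha256(data) for path, data in files.items()}
    body = json.dumps(manifest, sort_keys=True).encode()
    return {"manifest": manifest, "mac": hmac.new(key, body, "sha256").hexdigest()}


def verify_state(record: dict, key: bytes, measurements: list) -> tuple:
    """Compare measured (path, hash) pairs with the installer's record.
    Returns (ok, reasons): unknown files and changed files both fail, since
    neither belongs to the state the installer vouched for."""
    body = json.dumps(record["manifest"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(record["mac"], expected_mac):
        return False, ["record was not produced by the trusted installer"]
    reasons = []
    for path, digest in measurements:
        expected = record["manifest"].get(path)
        if expected is None:
            reasons.append(f"{path}: measured but never installed by the ROTI")
        elif expected != digest:
            reasons.append(f"{path}: modified since installation")
    return not reasons, reasons


if __name__ == "__main__":
    rec = roti_install(INSTALLED_TCB, ROTI_KEY)
    measured = [(p, sha256(d)) for p, d in INSTALLED_TCB.items()]
    print(verify_state(rec, ROTI_KEY, measured))  # (True, [])
```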
Citation:
Luke St. Clair, Joshua Schiffman, Trent Jaeger, Patrick McDaniel, "Establishing and Sustaining System Integrity via Root of Trust Installation," Proceedings of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 19-29, 2007.