This paper extends the software trustworthiness evidence framework to include the runtime software trustworthiness evidence. To collect software trustworthiness evidence in an objective, genuine and comprehensive way, it proposes a runtime software trustworthiness evidence collection mechanism based on trusted computing technology. Based on the features provided by TPM (trusted platform module), as well as the late launch technology, a trusted evidence collection agent is introduced in an operating system kernel. The agent can securely monitor executing programs and collect their trustworthiness evidence accordingly. The agent also provides some trusted services for programs to collect application specific evidences and guarantees the trustworthiness of these evidences. This mechanism has good scalability to support various applications and software trustworthiness evaluation models. This paper also implements a prototype for the agent based on Linux security model in Linux. Based on the prototype, it studies the trustworthiness evaluation for executing a client program in a distributed computing environment. In this application, the performance of prototype is studied, and the feasibility of this approach is demonstrated.