Traditional smart-card-based password authentication schemes authenticate only the identities of the server and the user; the platform is not verified, so these schemes cannot provide enough protection for the user's personal information. A mutual authentication scheme based on smart cards and passwords is proposed under trusted computing, in which hash functions are used to authenticate identities and remote attestation is used to verify the platform. Analysis shows that our scheme can resist most of the possible attacks, is secure and efficient, and fulfills the designed security goals, such as secure session key agreement, user identity anonymity, free password changing, and platform certification updating.