Abstract This paper presents enCloud, a new aspect‐oriented trusted service migration with SGX‐enabled cloud VM. Addressing the challenge of reconciling end‐to‐end security with VM migration, enCloud incorporates two key aspects: (1) end‐to‐end security for enclave context migration, and (2) VM abstraction for conventional VM context migration. This paper provides a practical guideline with applicable APIs for trusted service migration. In a case study, enCloud demonstrates effective trusted DB service migration on a cloud VM, achieving end‐to‐end security with minimal trust boundaries. The framework supports pre‐copy live VM migration to minimize service downtime. This paper contributes a concise and practical solution in the form of the enCloud framework for secure service migration.