Owing to the lack of security mechanisms for Internet of Things (IoT) devices, the IoT environment faces serious security challenges. However, remote attestation can identify the authenticity and integrity of devices and can also establish trust in IoT devices through a remote mode. Swarm attestation is an extension of remote attestation technology, which can be applied to swarm composed of a large number of devices. Compared with the traditional remote attestation, the swarm attestation liberates the verifier and improves verification efficiency. At present, the swarm attestation is mainly used for static networks, and there is no efficient recovery mechanism for compromised devices. To solve these problems, this study proposes a secure swarm attestation and recovery scheme based on reputation mechanism and Merkle tree. Firstly, we use the reputation mechanism to achieve a many-to-one attestation scheme, which can effectively solve the single point of failure and also trigger the attestation from the device. In addition, the attestation scheme is suitable for semi-dynamic networks. Secondly, we introduce the Merkle tree for measurement, which can quickly and accurately identify the code blocks compromised by malicious software and efficiently recover them. Finally, the security analysis and performance evaluation of the swarm attestation scheme are presented. The results show that the swarm attestation in this study improves the security, and its performance overhead is acceptable.