> a hypervisor does not have to trust the: BIOS, system firmware, or OS that launched it.
I think you need to elaborate on what you mean by "trust" here -- it's a notoriously polysemous word. Certainly if some program's correctness depends on its ability to send packets, then it has to trust the Ethernet driver to actually do that. Of course, right now the Ethernet driver can also go ahead and read any random piece of host memory that it wants to via DMA -- fixing that would certainly improve things.
> In a TXT style system there is going to be a hypervisor and it protects itself from all of the OSes that it is in control of via hardware protections (basically IOMMU with page protection lists).
Not a critical point, but this is exactly how the kernel works now.
> So when someone exploits that flaw and roots that OS partition then the hypervisor should be able to tell (new executable pages come into existence or the contents of executable pages change).
We already have NX protection, which does essentially the same thing -- prevents buggy programs from creating new executable code. It helps, but it's by no means a guarantee. There are the clever tricks for accomplishing exploits without generating executable code (return-to-libc and all that), and if you can exploit an environment that contains a JIT or dynamic language runtime then you can perform arbitrary actions without triggering the protections.
So I don't really see how TXT makes that much of a difference.
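To make the two sides of this exchange concrete, here is an added example (not from the thread or either poster): a small Python checker over text in the `/proc/<pid>/maps` format that flags exactly what the reply describes, mappings that are both writable and executable (the condition NX-style enforcement exists to prevent) and anonymous executable mappings (what a JIT's code cache looks like from outside, and why "new executable pages" alone is a weak signal). The sample maps text is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample in /proc/<pid>/maps format (not taken from the thread).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234                       /usr/bin/example
00651000-00652000 rw-p 00051000 08:01 1234                       /usr/bin/example
7f1a00000000-7f1a00021000 rwxp 00000000 00:00 0
7f1a10000000-7f1a10100000 r-xp 00000000 00:00 0
7f1a20000000-7f1a20021000 rw-p 00000000 00:00 0                  [heap]
7f1a30000000-7f1a30200000 r-xp 00000000 08:01 5678               /usr/lib/libc.so.6
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0                  [stack]
"""

# address range, perms (e.g. r-xp), offset, device, inode, optional path
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str  # "" for anonymous memory, "[heap]"/"[stack]" for pseudo-paths

def parse_maps(text):
    """Parse maps-format text into Mapping records; unparseable lines are skipped."""
    out = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            out.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return out

def classify(mappings):
    """Flag W^X violations and executable anonymous memory (what a JIT leaves behind)."""
    wx = [m for m in mappings if "w" in m.perms and "x" in m.perms]
    anon_exec = [m for m in mappings if "x" in m.perms and m.path == ""]
    return {"wx": wx, "anon_exec": anon_exec}

if __name__ == "__main__":
    for kind, hits in classify(parse_maps(SAMPLE_MAPS)).items():
        for m in hits:
            print(f"{kind}: {m.start:#x}-{m.end:#x} {m.perms} {m.path or '<anon>'}")
```

On a live Linux host, pass the contents of `/proc/<pid>/maps` to `parse_maps` instead of the sample; a process hosting a JIT will legitimately show anonymous executable regions, which is the point the reply makes about such runtimes.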