> As long as you believe that Intel correctly implemented the hardware and
> correctly implemented the AC module (and here I define correct to mean it
> implements the semantics of the GETSEC[SENTER] instruction without error)
> then TXT does indeed allow you to know what is running on your computer
Even if I believe that-- and I already discussed some reasons why I shouldn't-- exploit in another layer of the stack will allow an attacker to run something different on my computer. And even if I magically was able to audit all of that software, it still wouldn't tell me anything about what software is running on, for example, my RAID card, or inside my computer mouse.
You can get closer and closer to certainty, but never reach it.