The Intel TXT is a complex system designed to provide a hardware layer of security that can prevent software layer changes from resulting in increased access for attackers. Through use of stored hashes of known good states for firmware, bios, and OS loads, TXT can indicate when something has changed outside of a known good state. This is helpful for identifying potential rootkits within an environment.
According to Intel, the use of TXT depends on :
Intel TXT requires a server
system with Intel VT, an Intel TXT-enabled
processor, chipset, ACM, enabled BIOS,
and an Intel TXT-compatible MLE (OS or
hypervisor). In addition, Intel TXT requires
the system to contain a TPM v1.2, as
defined by the Trusted Computing Group
(http://www.trustedcomputinggroup.org), and specific software for some
uses -- https://www.intel.com/content/www/us/en/architecture-and-technology/trusted-execution-technology/trusted-execution-technology-security-paper.html
Now, TXT was initially designed for workstation components where only one OS was truly expected to be used at any given time, barring virtual instances within the host (Type 2 hypervisor). This contrasts starkly to servers which may have several hosts attached to the bare metal through a type 1 hypervisor. This required the creation of a more dynamic TXT system which would evaluate the booting OSs as they launched instead of attempting to read all potential hosts at the initial start.
Going beyond the differences between workstation and server, TXT does not work with all operating systems or all OS configurations. As an example, not all versions of Windows 10 permit the use of intel TXT and device guard:
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-device-guard
As it pertains to the how to configure, it does change depending on your hardware, firmware, and OS selection. See the Intel configuration guide:
https://www.intel.com/content/www/us/en/developer/articles/guide/intel-trusted-execution-technology-intel-txt-enabling-guide.html
