Because it needs isolation to make sure the measurements cannot be manipulated (TOCTOU-style attacks) by anything (e.g. a DMA-enabled device).
If you like, you can see this as a firewall for I/O and interrupts - obviously, it's not, but you get the picture. VT-d is simply Intel's term to describe their IOMMU. AMD calls it AMD-Vi. The role of this unit is to control Device Memory Access (DMA) and interrupt remapping.
The best way I have to describe it is by using a PCI passthrough example. Here's my (simplistic) explanation:
If you dedicate a DMA-enabled device to a particular virtual machine, let's say your network card, then without proper VT-d protection, this VM would have access to the complete host memory. The VM would be able to break out of the VM container through the view of the network card's DMA. Recall that DMA provides direct and complete memory access (this includes host/VMM memory). If VT-d is correctly implemented, the network card would only have access to the memory of the VM it is assigned to, nothing else. Yeah, some sort of I/O firewall, if this helps.
TXT will only use VT-d to build isolation around what it needs to evaluate: measure code, send those measurements to some TPM-protected registers (PCRs) for later use, e.g., remote attestation, unseal operations.
See this for more info about VT-d.
The second question is very tricky, as TXT brings new security capabilities (see below), not security by itself. Security can be created in different ways depending on how those capabilities are used - it's up to our imagination. PrivateCore vCage is a good example.
- Protected Execution - hardware-based domain separation
- Protected Memory Pages - providing protection against the ways memory can be accessed - software, DMA, GPU cards - with some caveats around SMM and AMT
- Sealed Storage - encrypt data based on the environment running, or in other words, what has been measured (based on the PCR values stored in the TPM)
- Protected Input - build a trusted channel between the user and the secured environment - not implemented AFAIK
- Protected Graphics - build a trusted channel between the secured environment and the graphics card - not implemented AFAIK
- Attestation - securely report to other parties what measurements are stored in the TPM (PCRs values), e.g. Remote Attestation aka the quote operation.
See this paper for more info about TXT.
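As an added illustration (not part of the answer above, and not real TPM code), here is a small Python model of the measure/extend, sealed-storage and quote mechanics the capability list refers to: a PCR can only be extended, so a sealed secret comes back only when the same components were measured in the same order, and a quote binds the PCR value to a verifier-supplied nonce. The SRK and AIK are assumed secret byte strings standing in for TPM-resident keys.

```python
import hashlib
import hmac
import os

# Constructed model (added here, not from the original answer) of the TPM-side
# mechanics behind "measure, extend into PCRs, seal, quote". SRK and AIK are
# assumed secret byte strings standing in for TPM-resident keys.

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM extend: PCR_new = H(PCR_old || H(measurement)). A PCR can only be
    # extended, never written, so content and order of measurements both matter.
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_launch(components) -> bytes:
    # Extend a freshly reset (all-zero) PCR with each launched component in order.
    pcr = bytes(32)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> bytes:
    # Sealed storage: wrap 'secret' under a key bound to the expected PCR value.
    # Layout: 16-byte nonce || ciphertext || 32-byte HMAC tag.
    key = hmac.new(srk, b"seal|" + expected_pcr, hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(blob: bytes, current_pcr: bytes, srk: bytes):
    # Returns the secret only if current_pcr equals the value sealed against; a
    # different measurement (or order) gives a different key and a failed tag.
    key = hmac.new(srk, b"seal|" + current_pcr, hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def quote(aik: bytes, verifier_nonce: bytes, pcr: bytes) -> bytes:
    # Attestation: the TPM signs (modelled as a MAC) the PCR value together with
    # a fresh verifier nonce, so a stale report cannot be replayed.
    return hmac.new(aik, verifier_nonce + pcr, hashlib.sha256).digest()
```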