AFAIK there is no curent, practical "encrypted VM" that can protect itself from the hypervisor. Homomorphic encryption can theoretically do that, but is very slow and unproven right now.
I only glimpsed it some years ago, but I got the impression that "anything the vendor can do, the attacker can circumvent one level deeper", especially as a criticism of TXT:
It's missing a few elements you'd need to build a really awesome secure cloud, though. (actually, intel hardware was missing it)