System, apparatus and method for controlling multiple trusted execution environments in a system
US-2016350534-A1 · Dec 1, 2016 · US
US10338957B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10338957-B2 |
| Application number | US-201615391208-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 27, 2016 |
| Priority date | Dec 27, 2016 |
| Publication date | Jul 2, 2019 |
| Grant date | Jul 2, 2019 |
Official abstract text for this publication.
A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.
Opening claim text (preview).
What is claimed is:

1. At least one non-transitory machine accessible storage medium having code stored thereon, the code when executed on a machine, causes the machine to: identify a launch of a particular virtual machine on a host computing system, wherein the particular virtual machine is launched to comprise a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine; generate, using a secure migration enclave hosted on the host computing system, a root key for the particular virtual machine, wherein the root key is to be used in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation; and register the root key with a virtual machine registration service.

2. The storage medium of claim 1, wherein the code is further executable to: participate in migration of an image of the particular virtual machine to another host computing system; establish a secure communication channel between the migration enclave of the host computing system with a migration enclave of the other host computing system; and send the root key to the migration enclave of the other host computing system over the secure communication channel in association with migrating the virtual image to the other host computing system.

3. The storage medium of claim 2, wherein the code is further executable to: receive data from the migration enclave of the other host computing system; determine from the data that the migration enclave of the other host computing system complies with a migration policy associated with the particular virtual machine.

4. The storage medium of claim 3, wherein the root key is communicated to the migration enclave of the other host computing system based on determining that the migration enclave of the other host computing system complies with the migration policy.

5. The storage medium of claim 3, wherein registering the root key with a virtual machine registration service comprises identifying the migration policy to the virtual machine registration service.

6. The storage medium of claim 2, wherein the image comprises secret data encrypted using a sealing key derived from the root key.

7. The storage medium of claim 1, wherein the code is further executable to store the root key in a control data structure included in secure memory of the host computing system.

8. The storage medium of claim 7, wherein access to the control data structure is limited to the migration enclave.

9. The storage medium of claim 1, wherein generation of the root key comprises creating the root key at the migration enclave.

10. The storage medium of claim 1, wherein generating the root key comprises: sending a request for a root key from the migration enclave to the virtual machine registration service; and receiving the root key at the migration enclave from the virtual machine registration service over a secure channel, wherein the root key comprises a pre-generated key and registering the root key comprises identifying that the particular virtual machine is to be associated with the request and the received root key.

11. The storage medium of claim 1, wherein the migration enclave is to generate and control access to a respective root key for each one of a plurality of virtual machines hosted on the host computing system, and the plurality of virtual machines comprises the particular virtual machine.

12. The storage medium of claim 1, wherein registering the root key comprises sending quote data to the virtual machine registration service, the quote data comprises the root key and a migration policy to be associated with the root key, and the at least a portion of the quote data is signed by a hardware-based key of the host computing system.

13. At least one non-transitory machine accessible storage medium having code stored thereon, the code when executed on a machine, causes the machine to: receive, over a secure communication channel, quote data from a secure migration enclave hosted on a particular host computing system, wherein at least a portion of the quote data is signed by a hardware based key of the particular host computing system and the quote data comprises a copy of a root key generated by the migration enclave for a particular virtual machine to be hosted on the particular host computing system; determine that the migration enclave is a trusted enclave based on the quote data; associate the root key with the particular virtual machine based on determining that the migration enclave is a trusted enclave; generate a certificate for the root key; and send data to the migration enclave to indicate that the root key is registered with a registration system.

14. The storage medium of claim 13, wherein the quote data identifies one or more attributes of the migration enclave and a migration policy for the particular virtual machine, and the migration policy identifies rules for migrating the particular virtual machine to other host computing systems.

15. The storage medium of claim 13, wherein the code is further executable to identify a platform attestation service corresponding to the particular host computing system, wherein the platform attestation service hosts certificates corresponding to root keys of a set of systems comprising the particular host computing system; send a request comprising at least the signed portion of the quote data to the platform attestation service; and receive a validation result from the platform attestation service indicating whether the quote data was signed by a valid key of the particular host computing system, wherein determining that the migration enclave is a trusted enclave is based on the validation result.

16. The storage medium of claim 13, wherein the code is further executable to provide the certificate to an attestation service and identify that the certificate corresponds to the particular virtual machine, wherein the attestation service is to use the certificate to determine authenticity of quote data generated for the particular virtual machine based on the root key.

17. A system comprising: a processor; a memory comprising encrypted memory; a virtual machine manager to initiate launch of a virtual machine on a particular host computer, wherein the virtual machine comprises: one or more applications; and a virtual machine quoting enclave to generate quote data for attestation of one or more aspects of the virtual machine; and a secure migration enclave to: generate a root key for the virtual machine in association with launch of the virtual machine, wherein the root key is to be used in association with provisioning the quoting enclave with an attestation key to be used by the quoting enclave in the attestation; store the root key in a secure control structure in the encrypted memory; and register the root key with a virtual machine registration service.

18. The system of claim 17, wherein registering the root key comprises sending migration enclave quote data to the virtual machine registration service, and the system further comprises a host quoting enclave provisioned with a host attestation key and configured to generate the migration enclave quote data, wherein the host attestation key is based on a root key of the particular host computer and at least a portion of the migration enclave quote data is signed by the host attestation key.

19. The system of claim 17, wherein the virtual machine further comprises a key provisioning enclave to: attest to a provisioning
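
The registration and policy-gated migration flow of claims 1-6 and 12-13, modelled as an added example that is not code from the patent. The class and function names, the HMAC stand-in for the hardware-based quote signature, the allow-list form of the migration policy and the sealing-key derivation are all assumptions; secure memory, the secure channel and certificate issuance are elided.

```python
import hashlib, hmac, json, os

def mac_quote(key, quote):
    # Assumption: HMAC stands in for the hardware-based signature on quote data;
    # a real platform signs with an asymmetric attestation key.
    return hmac.new(key, json.dumps(quote, sort_keys=True).encode(), hashlib.sha256).digest()

class RegistrationService:  # hypothetical model of the VM registration service
    def __init__(self, host_keys):
        self._host_keys = host_keys          # enclave id -> verification key
        self.registry = {}                   # vm id -> (root key, migration policy)

    def register(self, vm_id, quote, sig):
        key = self._host_keys.get(quote["enclave"])
        if key is None or not hmac.compare_digest(sig, mac_quote(key, quote)):
            return False                     # unknown enclave or altered quote data
        self.registry[vm_id] = (bytes.fromhex(quote["root_key"]), quote["policy"])
        return True

class MigrationEnclave:  # hypothetical model of the secure migration enclave
    def __init__(self, enclave_id, host_key):
        self.enclave_id, self._host_key, self._root_keys = enclave_id, host_key, {}

    def launch_vm(self, vm_id, policy, service):
        root_key = os.urandom(32)            # root key created at the enclave
        quote = {"enclave": self.enclave_id, "policy": policy, "root_key": root_key.hex()}
        if not service.register(vm_id, quote, mac_quote(self._host_key, quote)):
            raise PermissionError("registration rejected")
        self._root_keys[vm_id] = (root_key, policy)

    def migrate(self, vm_id, target):
        root_key, policy = self._root_keys[vm_id]
        if target.enclave_id not in policy:  # release the key only to a compliant target
            raise PermissionError("target violates migration policy")
        target._root_keys[vm_id] = (root_key, policy)

    def sealing_key(self, vm_id):
        # Sealing key derived from the root key; this HMAC derivation is an assumption.
        return hmac.new(self._root_keys[vm_id][0], b"sealing", hashlib.sha256).digest()

def demo():
    # Constructed host keys and identifiers for three hypothetical hosts.
    keys = {n: os.urandom(32) for n in ("host-a", "host-b", "host-c")}
    service = RegistrationService(keys)
    a, b, c = (MigrationEnclave(n, keys[n]) for n in ("host-a", "host-b", "host-c"))
    a.launch_vm("vm-1", ["host-b"], service)
    a.migrate("vm-1", b)                     # host-b is allowed by the policy
    try:
        a.migrate("vm-1", c)                 # host-c is not in the policy
        blocked = False
    except PermissionError:
        blocked = True
    return a.sealing_key("vm-1") == b.sealing_key("vm-1"), blocked, "vm-1" in service.registry
```

Because the sealing key is derived from the root key, secrets sealed on the source host only become readable on a target that passed the policy check and received that key.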
involving digital signatures · CPC title
Starting, stopping, suspending or resuming virtual machine instances · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
Providing cryptographic facilities or services · CPC title