Data sealing with a sealing enclave
US-2018212939-A1 · Jul 26, 2018 · US
US10911451B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10911451-B2 |
| Application number | US-201715414371-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 24, 2017 |
| Priority date | Jan 24, 2017 |
| Publication date | Feb 2, 2021 |
| Grant date | Feb 2, 2021 |
Abstract
Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
Claims (preview)

What is claimed:

1. A method for distributed sealing of enclave data, comprising: attesting a sealing enclave to a source enclave; receiving enclave data from the source enclave via a first secure communications channel; sealing the enclave data to the sealing enclave; verifying that a destination enclave, which is different from the source enclave and which is different from the sealing enclave, is permitted access to the enclave data based at least in part on a destination identity of the destination enclave that is indicated in an attestation report of the destination enclave corresponding to an abstract identity type that is indicated in a permitted list that is received by the sealing enclave from the source enclave; unsealing the sealed data; and in response to unsealing the sealed data, sending the unsealed data to the destination enclave via a second secure communications channel.
2. The method of claim 1, further comprising: receiving the attestation report of the destination enclave; and deriving the destination identity from the attestation report of the destination enclave.
3. The method of claim 2, wherein the permitted list is a list of abstract identity types; and further comprising: receiving a source attestation report of the source enclave; and deriving a permitted identity value from the source attestation report and the abstract identity type that is indicated in the permitted list; and wherein verifying the destination enclave is permitted access includes comparing the permitted identity value with the destination identity.
4. The method of claim 1, wherein the source enclave is hosted by a first native enclave platform, the sealing enclave is hosted by a second native enclave platform, and the destination enclave is hosted by a third native enclave platform, wherein at least two of the first, second, or third native platforms are not the same, and further comprising: signing a sealing enclave attestation report with a key associated with the second native enclave platform; and verifying integrity of the destination enclave identity with a public key associated with the third native enclave platform.
5. The method of claim 1, wherein: the source enclave is hosted by a native enclave platform on a first computer, the sealing enclave is hosted by a native enclave platform on a second computer, and the destination enclave is hosted by a native enclave on a third computer; at least two of the first, second, or third computers are not the same; receiving enclave data from the source enclave includes receiving enclave data from the first computer at the second computer; and sending the unsealed data to the destination enclave includes sending the unsealed data from the second computer to the third computer.
6. The method of claim 1, further comprising: partially completing a secure processing operation in the source enclave; continuing the secure processing operation in the destination enclave; and wherein the enclave data includes state data of the source enclave after partially completing the source operation.
7. The method of claim 1, wherein the first secure communications channel is secured by encrypting messages with a key generated while attesting the sealing enclave to the source enclave, and further comprising: decrypting the enclave data with the key.
8. A system comprising: memory; and one or more processors coupled to the memory, the one or more processors configured to: attest a sealing enclave to a source enclave; receive enclave data from the source enclave via a first secure communications channel; seal the enclave data to the sealing enclave; verify that a destination enclave, which is different from the source enclave and which is different from the sealing enclave, is permitted access to the enclave data based at least in part on a destination identity of the destination enclave that is indicated in an attestation report of the destination enclave corresponding to an abstract identity type that is indicated in a permitted list that is received by the sealing enclave from the source enclave; unseal the sealed data; and in response to the sealed data being unsealed, send the unsealed data to the destination enclave via a second secure communications channel.
9. The system of claim 8, wherein the one or more processors are configured to: receive the attestation report of the destination enclave; and derive the destination identity from the attestation report of the destination enclave.
10. The system of claim 9, wherein the permitted list is a list of abstract identity types; and wherein the one or more processors are configured to: receive a source attestation report of the source enclave; derive a permitted identity value from the source attestation report and the abstract identity type that is indicated in the permitted list; and verify the destination enclave is permitted access by comparing the permitted identity value with the destination identity.
11. The system of claim 8, wherein the source enclave is hosted by a first native enclave platform, the sealing enclave is hosted by a second native enclave platform, and the destination enclave is hosted by a third native enclave platform, at least two of the first, second, or third native platforms are not the same; and wherein the one or more processors are configured to: sign a sealing enclave attestation report with a key associated with the second native enclave platform; and verify integrity of the destination enclave identity with a public key associated with the third native enclave platform.
12. The system of claim 8, wherein: the source enclave is hosted by a native enclave platform on a first computer, the sealing enclave is hosted by a native enclave platform on a second computer, and the destination enclave is hosted by a native enclave on a third computer; at least two of the first, second, or third computers are not the same; and wherein the one or more processors are configured to: receive enclave data from the source enclave by receiving enclave data from the first computer at the second computer; and send the unsealed data to the destination enclave by sending the unsealed data from the second computer to the third computer.
13. The system of claim 8, wherein the one or more processors are configured to: partially complete a secure processing operation in the source enclave; and continue the secure processing operation in the destination enclave; and wherein the enclave data includes state data of the source enclave after partially completing the source operation.
14. The system of claim 8, wherein the first secure communications channel is secured by encrypting messages with a key generated while attesting the sealing enclave to the source enclave; and wherein the one or more processors are configured to: decrypt the enclave data with the key.
15. A computer readable storage device comprising computer readable instructions that, when executed by a computing system, cause at least: attesting a sealing enclave to a source enclave; receiving enclave data from the source enclave via a first secure communications channel; sealing the enclave data to the sealing enclave; verifying that a destination enclave, which is different from the source enclave and which is different from the sealing enclave, is permitted access to the enclave data based at least in part on a destination identity of the destination enclave that is indicated in an attestation report of the destination enclave corresponding to an abstract id
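The access check of claims 1 to 3 (and 8 to 10) in runnable form, as an added example that is not part of the patent or of any vendor's enclave SDK: the sealing enclave keeps the source's attestation report and permitted list bound to the sealed blob, and at unseal time compares the identity value derived from the source report with the one derived from the destination's report, for each abstract identity type in the list. The report field names, the abstract identity type names (ExactHash, AuthorKey, FamilyID) and the HMAC-based sealing primitive are assumptions standing in for whatever a native enclave platform provides.

```python
import hashlib
import hmac
import json
import os

# Constructed attestation reports: the fields a native enclave platform binds into a
# signed report (verifying the platform's signature is out of scope for this snippet).
SOURCE_REPORT = {"enclave_hash": "aa11", "author_key_hash": "beef", "family_id": "payroll"}
DEST_REPORT_OK = {"enclave_hash": "bb22", "author_key_hash": "beef", "family_id": "payroll"}
DEST_REPORT_BAD = {"enclave_hash": "cc33", "author_key_hash": "d00d", "family_id": "other"}
# Abstract identity types (assumed names): each names the report field whose value, taken
# from the SOURCE report, becomes the permitted identity value compared at unseal time.
IDENTITY_FIELDS = {"ExactHash": "enclave_hash", "AuthorKey": "author_key_hash", "FamilyID": "family_id"}

def derive_identity(report, abstract_type):
    """Concrete identity value of one abstract type, read from an attestation report."""
    return report[IDENTITY_FIELDS[abstract_type]]

def is_permitted(source_report, dest_report, permitted_list):
    """Destination is permitted if, for some abstract type in the permitted list, its
    identity equals the value derived from the source report; unknown types never grant."""
    return any(t in IDENTITY_FIELDS and derive_identity(source_report, t) == derive_identity(dest_report, t)
               for t in permitted_list)

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode, standing in for the platform's sealing primitive."""
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

class SealingEnclave:
    def __init__(self):
        self._seal_key = os.urandom(32)  # stands in for a platform-derived key that never leaves the enclave
        self._vault = {}

    def seal(self, handle, enclave_data, source_report, permitted_list):
        """Seal data received from the attested source together with its access policy."""
        nonce = os.urandom(16)
        policy = json.dumps([source_report, permitted_list], sort_keys=True).encode()
        ct = bytes(a ^ b for a, b in zip(enclave_data, _keystream(self._seal_key, nonce, len(enclave_data))))
        tag = hmac.new(self._seal_key, nonce + ct + policy, hashlib.sha256).digest()  # binds policy to data
        self._vault[handle] = (nonce, ct, tag, policy)

    def unseal_for(self, handle, dest_report):
        """Return the data only if the blob is intact and the destination passes the check, else None."""
        nonce, ct, tag, policy = self._vault[handle]
        if not hmac.compare_digest(tag, hmac.new(self._seal_key, nonce + ct + policy, hashlib.sha256).digest()):
            return None  # sealed blob or its policy was tampered with
        source_report, permitted_list = json.loads(policy)
        if not is_permitted(source_report, dest_report, permitted_list):
            return None  # destination identity does not match any permitted abstract identity type
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._seal_key, nonce, len(ct))))
```

Because the policy is covered by the authentication tag, an untrusted host that stores the sealed blob cannot widen the permitted list without the unseal failing.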
CPC classification titles:

- Providing cryptographic facilities or services
- based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- Access control lists [ACL]
- for controlling access to devices or network resources
- using a third party