Transforms within secure execution environments
US-9584517-B1 · Feb 28, 2017 · US
US11494485B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11494485-B2 |
| Application number | US-201817046593-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 18, 2018 |
| Priority date | Apr 30, 2018 |
| Publication date | Nov 8, 2022 |
| Grant date | Nov 8, 2022 |
Official abstract text for this publication.
A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients are configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.
Opening claim text (preview).
The invention claimed is:

1. A method for creating trusted applications stored in memory of a host computing device, the method comprising: creating, by one or more processors of the host computing device, an enclave manager in an untrusted environment of the host computing device, the enclave manager including instructions for creating one or more enclaves, wherein the enclave manager is created by an application running in the untrusted environment and implemented on the one or more processors; generating, by the one or more processors, an enclave in memory of the host computing device using the enclave manager; generating, by the enclave manager implemented on the one or more processors, one or more enclave clients of the enclave in the untrusted environment, the one or more enclave clients configured to provide one or more entry points into the enclave; and creating, by the one or more processors, one or more trusted application instances in the enclave.
2. The method of claim 1, wherein the entry points include a plurality of different functions.
3. The method of claim 2, wherein the plurality of different functions include one or more of an initialize function, a finalize function, a run function, a donate thread function, a handle signal function, and a destroy function.
4. The method of claim 3, wherein the initialize function allows the one or more enclave clients to take system resources to run the one or more trusted application instances.
5. The method of claim 3, wherein the finalize function allows the one or more enclave clients to relinquish system resources.
6. The method of claim 3, wherein the run function allows the one or more enclave clients to execute functions of the one or more trusted application instances.
7. The method of claim 3, wherein the donate thread function allows the one or more enclave clients to have an operating system of the host computing device provide a thread to enter the enclave.
8. The method of claim 3, wherein the handle signal function allows the one or more enclave clients to handle signals sent to the one or more trusted application instances.
9. The method of claim 3, wherein the destroy function allows the one or more enclave clients to terminate the enclave.
10. The method of claim 1, wherein the one or more enclave clients are further configured to allow code to run in the enclave.
11. The method of claim 1, wherein generating the enclave includes using an application having a trusted application designation.
12. The method of claim 1, further comprising using the enclave manager to maintain a hierarchical namespace by binding the enclave to an identifier in the hierarchical namespace.
13. The method of claim 1, wherein the one or more trusted application instances includes code that stores sensitive data of an application running in the untrusted environment.
14. The method of claim 13, wherein the one or more trusted application instances includes code that executes the sensitive data of the application.
15. The method of claim 1, further comprising, using the enclave manager to provide platform services including a software-based clock.
16. The method of claim 1, wherein the enclave is generated in a system having an isolation kernel and isolation capable hardware.
17. The method of claim 1, wherein the enclave is generated in a system having hardware secure execution primitives and isolation capable hardware.
18. The method of claim 1, wherein the enclave is generated in a system having a hardware secure element.
19. The method of claim 1, wherein the enclave is generated in a system remote from the untrusted environment.
Protecting executable software · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
to assure secure computing or processing of information · CPC title