System, apparatus and method for page granular, software controlled multiple key memory encryption

What is claimed is: 1. A computing system comprising: a memory to be encrypted with a plurality of keys; and a cryptographic circuit coupled to the memory, the cryptographic circuit to: receive a data line from the memory in response to a read request from an agent, wherein the data line includes at least an encrypted portion, and the read request has a memory address; when the data line is compressed, obtain a key identifier for a key of the agent from the data line, wherein the key is one of the plurality of keys; when the data line is uncompressed, use the memory address of the read request to obtain the key identifier from a page-to-key (P2K) table that comprises a plurality of entries, each to map a particular memory page to a corresponding key identifier; use the key identifier to obtain the key; use the key to decrypt the at least encrypted portion of the data line into decrypted memory data; and send the decrypted memory data to a cache memory hierarchy of a processor for access by the agent. 2. The computing system of claim 1 , wherein each entry of the P2K table comprises (a) an encrypted page address for a page of the memory and (b) a corresponding key identifier. 3. The computing system of claim 2 , wherein the cryptographic circuit is to access a key table using the key identifier to obtain the key, the key table including a plurality of entries each to map a key identifier to a key, wherein each key is associated with a virtual machine. 4. The computing system of claim 3 , wherein the virtual machine is to generate the key and provide an entry for insertion into the P2K table, at least a portion of the entry encrypted with the key. 5. The computing system of claim 4 , further comprising a memory execution circuit of the processor, the memory execution circuit to receive the entry from the virtual machine and insert the entry into the P2K table. 6. The computing system of claim 5 , wherein the memory execution circuit, in response to a second read request from the virtual machine having a second memory address, is to obtain the entry from the P2K table, decrypt the at least portion of the entry with the key, and compare a decrypted version of an encrypted memory address in the entry with the second memory address to verify integrity of the entry, and to signal an error if the decrypted version of the encrypted memory address does not match the second memory address. 7. The computing system of claim 1 , wherein the computing system comprises a multi-tenant computing environment on which a plurality of virtual machines are to execute, at least some of the plurality of virtual machines associated with different customers of the multi-tenant computing environment. 8. The computing system of claim 1 , further comprising: the processor, wherein the processor comprises the cache memory hierarchy and a plurality of cores; a memory execution circuit in the processor, wherein the memory execution circuit comprises the cryptographic circuit; a memory controller in the processor, the memory controller to couple to the memory; and a compression circuit in the processor, the compression circuit to decompress at least a portion of the data line based on compression metadata stored in the data line, wherein the compression circuit is associated with the cache memory hierarchy and is to send the decompressed portion of the data line to the cache memory hierarchy. 9. A computing system comprising: a memory; a processor coupled to the memory, the processor to read a data line from the memory in response to a read request from a virtual machine (VM), the data line comprising encrypted memory data; and a memory encryption circuit in the processor, the memory encryption circuit to: use an address of the read request to select an entry from a page-to-key (P2K) table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data; wherein the processor is further to make the decrypted memory data available to the VM; and wherein the P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. 10. The computing system of claim 9 , wherein the memory encryption circuit is to determine whether the selected entry of the P2K table was generated by the VM, based on (i) the encrypted address in the selected entry and (ii) the selected key. 11. The computing system of claim 10 , wherein the memory encryption circuit is to: utilize the selected key to decrypt the encrypted address from the selected entry; and determine whether the decrypted address from the selected entry matches the address of the read request. 12. The computing system of claim 9 , wherein: the encrypted address in each entry in the P2K table comprises an encrypted version of a physical address of a memory page, the physical address being one of a host physical address and a guest physical address; and the P2K table is to be indexed by a page address of the read request. 13. The computing system of claim 9 , wherein the processor comprises an integrated memory controller. 14. A computing system comprising: a memory; and a memory encryption circuit coupled to the memory, the memory encryption circuit to: utilize an address of a read request from a virtual machine (VM) in a multi-tenant computing environment to select an entry from a page-to-key (P2K) table in the multi-tenant computing environment; utilize a key identifier from the selected entry to select a key to be used to decrypt data stored in a page of memory allocated to the VM; and utilize an encrypted address from the selected entry to determine whether the selected entry was generated by the VM. 15. The computing system of claim 14 , wherein the memory encryption circuit is to prevent access by entities other than the VM to the data stored in the page of memory allocated to the VM. 16. The computing system of claim 14 , wherein the memory encryption circuit is to utilize the selected key to decrypt the encrypted address from the selected entry. 17. The computing system of claim 16 , wherein to determine whether the selected entry was generated by the VM comprises to determine whether the decrypted address from the selected entry matches an address of the page of memory. 18. The computing system of claim 14 , wherein: the VM comprises a first VM; the key comprises a first key; the key identifier comprises a first key identifier; the page of memory comprises a first page of memory; the encrypted address from the selected entry comprises a first encrypted address; the selected entry in the P2K table comprises a first entry that was added to the P2K table by a supervisor of the multi-tenant computing environment after the first VM (a) generated the first key, (b) used the first key to generate the encrypted address, (c) included the first key identifier in the first entry, (d) included the encrypted address in the first entry, (e) sent the first entry to the supervisor; and the P2K table comprises a second entry with a second encrypted address for a second page of memory allocated to a second VM. 19. The computing system of claim 14 , wherein the memory encryption circuit is further to utilize the selected key to encrypt data to be stored in the page of memory allocated to the VM. 20. The computing system of claim 14 , whe