Preventing unauthorized translated access using address signing

US11934567B2 · US · B2

Patent metadata
Publication number: US-11934567-B2
Application number: US-202117467718-A
Country: US
Kind code: B2
Filing date: Sep 7, 2021
Priority date: Sep 7, 2021
Publication date: Mar 19, 2024
Grant date: Mar 19, 2024

Abstract

Official abstract text for this publication.

A host may use address translation to convert virtual addresses to physical addresses for endpoints, which may then submit memory access requests for physical addresses. The host may incorporate the physical address and a signature of the physical address generated using a private key into a translated address field of a response to a translation request. An endpoint may treat the combination as a translated address by storing it in an entry of a translation cache, and accessing the entry for inclusion in a memory access request. The host may generate a signature of the translated address from the request using the private key, with the result being compared to the signature from the request. The memory access request may be verified when the compared values match, and the memory access may be performed using the translated address.
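The flow in the abstract, as an added Python sketch (not code from the patent or its assignee). HMAC-SHA256 truncated to 8 bytes stands in for the unspecified signature scheme; the `Host` and `Endpoint` classes, the field widths and the per-endpoint key table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PA_BITS = 64    # assumption: width of the physical-address part of the field
TAG_BYTES = 8   # assumption: truncated MAC length carried beside the address

class Host:
    """Translates for endpoints and verifies what they later send back."""
    def __init__(self, page_table, memory):
        self.page_table = page_table  # {(endpoint_id, virtual addr): physical addr}
        self.memory = memory          # {physical addr: data}
        self.keys = {}                # endpoint_id -> secret key known only to the host

    def assign_key(self, endpoint_id):
        self.keys[endpoint_id] = secrets.token_bytes(32)

    def invalidate_key(self, endpoint_id):
        self.keys.pop(endpoint_id, None)  # every cached translation goes stale

    def _tag(self, endpoint_id, pa):
        mac = hmac.new(self.keys[endpoint_id], pa.to_bytes(8, "big"), hashlib.sha256)
        return mac.digest()[:TAG_BYTES]

    def translate(self, endpoint_id, va):
        # The response's translated address field carries signature + address.
        pa = self.page_table[(endpoint_id, va)]
        return (int.from_bytes(self._tag(endpoint_id, pa), "big") << PA_BITS) | pa

    def access(self, endpoint_id, translated):
        if endpoint_id not in self.keys:
            raise PermissionError("no valid key for requester")
        if translated.bit_length() > PA_BITS + 8 * TAG_BYTES:
            raise PermissionError("malformed translated address field")
        pa = translated & ((1 << PA_BITS) - 1)
        tag = (translated >> PA_BITS).to_bytes(TAG_BYTES, "big")
        # Recompute the reference signature and compare in constant time.
        if not hmac.compare_digest(tag, self._tag(endpoint_id, pa)):
            raise PermissionError("signature mismatch")
        return self.memory[pa]

class Endpoint:
    """Treats the signed value as an opaque translated address."""
    def __init__(self, endpoint_id, host):
        self.id, self.host, self.cache = endpoint_id, host, {}

    def read(self, va):
        if va not in self.cache:  # translation cache miss
            self.cache[va] = self.host.translate(self.id, va)
        return self.host.access(self.id, self.cache[va])
```

The endpoint never holds the key, so it can replay a translation it was given but cannot mint a valid field for a physical address the host never translated for it.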

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: one or more processing units; and one or more memory units storing instructions that, when executed by the one or more processing units, cause the one or more processing units to execute operations comprising: receiving a request to move an entity into a Trusted Execution Environment (TEE) of a Virtual Machine (VM), the TEE associated with a physical address owned by the VM; in response to the request to move the entity into the TEE, assigning a key that corresponds to the VM to the entity; generating, using the key, a signature of a physical address that is translated from a virtual address based at least on a request to translate the virtual address and based at least on the assigning of the key to the entity; providing, in response to the request to translate the virtual address, data corresponding to the signature and the physical address; and based at least on determining that a request for memory access includes the signature and the physical address, enabling the memory access to the physical address.

2. The system of claim 1, wherein the providing the data is in a translated address field of the response.

3. The system of claim 1, wherein the determining that a request for memory access includes the signature and the physical address comprises: generating a reference signature from a potential physical address included in the request for the memory access using a key that is associated with the request; and determining that the reference signature matches the signature that is included in the request for the memory access.

4. The system of claim 1, wherein the data represents at least an encrypted version of a combination of at least the signature and the physical address, and the determining is based at least on decrypting the encrypted version of the combination of at least the signature and the physical address.

5. The system of claim 1, wherein the operations further include invaliding the key based at least on terminating the VM owning the physical address.

6. The system of claim 1, wherein the determining that the request for the memory access includes the signature and the physical address includes: generating a reference signature from the physical address using a key that is associated with at least an entity that provided the request for the memory access; and determining that the reference signature matches the signature that is included in the request for the memory access.

7. The system of claim 1, wherein the determining that the request for the memory access includes the signature and the physical address includes: generating a reference signature from the physical address using a key that is associated with at least a device function indicated by the request for the memory access; and determining that the reference signature matches the signature that is included in the request for the memory access.

8. The system of claim 1, wherein the generating, providing, and enabling are performed by a host of the VM.

9. The system of claim 1, wherein the operations further include invaliding the key based at least on the VM revoking access to the physical address.

10. A processor comprising: one or more circuits to: receive a request to move an entity into a Trusted Execution Environment (TEE) of a Virtual Machine (VM), the TEE associated with a first address owned by the VM; in response to the request to move the entity into the TEE, assign the entity to the TEE; provide, based at least on a request to translate a second address and based at least on the assignment of the entity to the TEE, a cryptographically modified version of the first address translated from the second address, receive the cryptographically modified version of the first address in association with a request for a memory access transfer with the first address, and initiate the memory access transfer based at least on verifying the cryptographically modified version of the first address.

11. The processor of claim 10, wherein the second address is a virtual address and the first address is a physical address.

12. The processor of claim 10, wherein the cryptographically modified version of the first address comprises a signature generated from the first address.

13. The processor of claim 10, wherein the cryptographically modified version of the first address comprises an encrypted version of at least the first address.

14. The processor of claim 10, wherein the receiving of the cryptographically modified version of the first address is in a translated address field of the request.

15. The processor of claim 10, wherein the verifying the cryptographically modified version of the first address includes: generating a signature based at least on decrypting the cryptographically modified version of the first address using a key that is associated with at least an entity that provided the request for the memory access transfer; and determining that a reference signature associated with the entity matches the signature.

16. The processor of claim 10, wherein the processor is comprised in at least one of: a control system for an autonomous or semi-autonomous machine; a perception system for an autonomous or semi-autonomous machine; a system for performing simulation operations; a system for performing deep learning operations; a system implemented using an edge device; a system implemented using a robot; a system incorporating one or more virtual machines (VMs); a system implemented at least partially in a data center; or a system implemented at least partially using cloud computing resources.

17. A method comprising: receiving, by an entity and in response to a request to translate a first address, a cryptographically modified version of a second address translated from the first address wherein the receiving is based at least on the entity being assigned to a Trusted Execution Environment (TEE) of a Virtual Machine (VM) in response to a request to move the entity into the TEE, the TEE associated with the second address owned by the VM; providing a request for memory access to the second address, the request including the cryptographically modified version of the second address that was received in the response to the request; and receiving data corresponding to the memory access to the second address based at least on the request for the memory access.

18. The method of claim 17, further comprising storing the cryptographically modified version of a second address that is received in the response in a translation cache, wherein the request for the memory access is based at least on retrieving the cryptographically modified version of a second address from the translation cache.

19. The method of claim 17, wherein the cryptographically modified version of a second address corresponds to a combination of the second address and a signature of the second address.

20. The method of claim 17, wherein the request to translate the first address, the request for the memory access, and the data corresponding to the memory access are communicated over an interface of a host device.

Classifications

  • G06F21/79 (Primary)

    in semiconductor storage media, e.g. directly-addressable memories · CPC title

  • the data cache being concurrently physically addressed · CPC title

  • the data cache being concurrently virtually addressed · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

  • involving digital signatures · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11934567B2 cover?
A host may use address translation to convert virtual addresses to physical addresses for endpoints, which may then submit memory access requests for physical addresses. The host may incorporate the physical address and a signature of the physical address generated using a private key into a translated address field of a response to a translation request. An endpoint may treat the combination a…
Who is the assignee on this patent?
Nvidia Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/79. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 19, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).