Thread Ownership of Keys for Hardware-Accelerated Cryptography
US-2018063100-A1 · Mar 1, 2018 · US
US12021980B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12021980-B2 |
| Application number | US-202117465311-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 2, 2021 |
| Priority date | Dec 20, 2018 |
| Publication date | Jun 25, 2024 |
| Grant date | Jun 25, 2024 |
Official abstract text for this publication.
A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.
Opening claim text (preview).
What is claimed is:

1. A processor comprising: a processor core comprising one or more hardware registers, the one or more hardware registers to store: an indication of a number of bits of physical memory addresses used for key identifiers (IDs); and a boundary between non-restricted key IDs and restricted key IDs; and a memory controller coupled to the processor core, the memory controller to: determine a key ID range of the restricted key IDs within the physical memory addresses; access a processor state comprising an indication that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction from the first logical processor, the memory transaction comprising an address associated with a key ID; and generate a fault in response to a determination that the key ID is within the key ID range of the restricted key IDs.
2. The processor of claim 1, wherein the fault is related to a type of access, to the key ID, by the first logical processor.
3. The processor of claim 1, wherein the memory transaction includes a physical memory address to which is appended the key ID, and wherein the memory controller is further to: determine the key ID is within the key ID range of the restricted key IDs; and block access by the first logical processor to a memory location associated with the physical memory address.
4. The processor of claim 3, wherein the memory controller is further to, in response to generation of the fault: ignore further write transactions to the memory location from the first logical processor; and return all one values in response to further read transactions to the memory location.
5. The processor of claim 1, wherein the memory transaction includes a linear address, and wherein the memory controller is further to: translate, via paging, the linear address to a physical memory address; extract the key ID from the physical memory address; and block access by the first logical processor to a memory location of the physical memory address.
6. The processor of claim 5, wherein the fault comprises a reserved key page fault associated with an attempt to set a reserved bit within a page table during the paging.
7. The processor of claim 1, wherein the memory transaction includes a guest virtual address, and wherein the first logical processor is further to: translate, via a walk of guest page tables, the guest virtual address to a guest physical address; translate, via a walk of extended page tables (EPT), the guest physical address to a physical memory address; and extract the key ID from the physical memory address; and wherein the memory controller is further to block access by the first logical processor to a memory location of the physical memory address.
8. The processor of claim 7, wherein the fault comprises a reserved key EPT misconfiguration fault associated with configuration of an EPT paging-structure entry reserved for future functionality.
9. The processor of claim 1, wherein the first logical processor executes a virtual machine monitor (VMM), and wherein the VMM issues the memory transaction.
10. A system comprising: a memory device; one or more hardware registers to store: an indication of a number of address bits of physical memory addresses, of the memory device, to be used for key identifiers (IDs), the key identifiers associated with domain-specific encryption keys; and a boundary between non-restricted key IDs and restricted key IDs of the key identifiers; and a processor coupled to the memory device, the processor comprising a cryptographic engine, a hardware register of the one or more hardware registers, and a memory controller, wherein the cryptographic engine is to: determine a key ID range of the restricted key IDs within the physical memory addresses; receive a processor state comprising an indication that a first logical processor executes in an untrusted domain mode; receive, from the memory controller in response to a memory transaction from the first logical processor, a key ID associated with an address of the memory transaction; and generate a fault in response to a determination that the key ID is within the key ID range of the restricted key IDs.
11. The system of claim 10, wherein the processor state is received from a control register of the processor, and wherein the cryptographic engine further comprises: a comparator to compare a value of the key ID with the key ID range of the restricted key IDs; and a first AND gate with a first input from the comparator and a second input from the control register.
12. The system of claim 11, wherein the memory transaction includes a physical memory address, associated with a memory location, to which is appended the key ID, and wherein in response to the fault that is output from the first AND gate, the cryptographic engine is further to cause the memory controller to: ignore further write transactions to the memory location from the first logical processor; and return all one values in response to further read transactions to the memory location.
13. The system of claim 11, wherein the memory transaction includes a linear address mapped to a physical memory address to which is appended the key ID, and wherein the cryptographic engine further comprises a second AND gate comprising: inputs from the first AND gate and an indication from the memory controller that the physical memory address was determined from paging; and an output comprising a reserved key page fault associated with an attempt to set a reserved bit within a page table during paging.
14. The system of claim 13, wherein the hardware register is a model-specific register, and wherein the cryptographic engine is further to direct the memory controller to block access by the first logical processor to a memory location of the physical memory address.
15. The system of claim 11, wherein the memory transaction includes a guest virtual address mapped to a physical memory address to which is appended the key ID, and wherein the cryptographic engine further comprises a second AND gate comprising: inputs from the first AND gate and an indication from a virtual machine monitor (VMM) that the physical memory address was determined from a walk of extended page tables (EPTs); and an output comprising a reserved key EPT misconfiguration fault associated with configuration of an EPT paging-structure entry reserved for future functionality.
16. The system of claim 15, wherein the cryptographic engine is further to direct the memory controller to block access by the first logical processor to a memory location of the physical memory address.
17. A method comprising: retrieving a number of address bits of physical memory addresses used for key identifiers (IDs); retrieving a first key identifier (ID), of the key identifiers, to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers; determining, by a memory controller of a processor, a key ID range of the restricted key IDs within the physical memory addresses; accessing, by the processor, a processor state comprising an indication that a first logical processor is executing in an untrusted domain mode; intercepting, by the memory controller, a memory transaction from the first logical processor, the memory transaction comprising an address associated with a key ID; and generating, by the processor, a fault in response to a determination that the key ID is within the key ID range of the restricted key IDs.
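
A software model of the check recited in the abstract and claims 1, 4, 6, 8 and 11, added here as an illustration; it is not code from the patent or from any processor vendor. The 52-bit address width, the key ID sitting in the top address bits, restricted IDs lying at or above the boundary, and all type and function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PA_BITS 52u /* assumption: physical address width; key ID in the top bits */

typedef enum { XLATE_NONE, XLATE_PAGING, XLATE_EPT } xlate_t;
typedef enum { ACCESS_OK, FAULT_GENERIC, FAULT_RSVD_KEY_PF,
               FAULT_RSVD_KEY_EPT_MISCONFIG } result_t;

typedef struct {
    unsigned keyid_bits;       /* register: address bits used for key IDs (1..15 here) */
    uint32_t first_restricted; /* register: boundary; assumed IDs >= this are restricted */
} keyid_regs_t;

/* Pull the key ID out of the upper bits of a physical address. */
uint32_t extract_keyid(const keyid_regs_t *r, uint64_t pa) {
    if (r->keyid_bits == 0 || r->keyid_bits > 15) return 0;
    uint64_t mask = (1ull << r->keyid_bits) - 1;
    return (uint32_t)((pa >> (PA_BITS - r->keyid_bits)) & mask);
}

/* Comparator: is the key ID inside the restricted range? */
bool keyid_restricted(const keyid_regs_t *r, uint32_t keyid) {
    return r->keyid_bits != 0 && keyid >= r->first_restricted;
}

/* First AND: comparator && untrusted mode. Second stage: pick the fault
   by how the physical address was produced (paging or EPT walk). */
result_t check_transaction(const keyid_regs_t *r, bool untrusted,
                           uint64_t pa, xlate_t how) {
    if (!(untrusted && keyid_restricted(r, extract_keyid(r, pa))))
        return ACCESS_OK;
    if (how == XLATE_PAGING) return FAULT_RSVD_KEY_PF;
    if (how == XLATE_EPT)    return FAULT_RSVD_KEY_EPT_MISCONFIG;
    return FAULT_GENERIC;
}

/* Blocked reads return all ones instead of memory contents. */
uint64_t guarded_read(const keyid_regs_t *r, bool untrusted, uint64_t pa,
                      xlate_t how, uint64_t stored) {
    return check_transaction(r, untrusted, pa, how) == ACCESS_OK ? stored : UINT64_MAX;
}

int main(void) {
    keyid_regs_t regs = { 6, 32 };            /* constructed: IDs 32..63 restricted */
    uint64_t pa = (40ull << 46) | 0x1000;     /* constructed address, key ID 40 */
    printf("untrusted: %d, trusted: %d\n",
           check_transaction(&regs, true, pa, XLATE_PAGING),
           check_transaction(&regs, false, pa, XLATE_PAGING));
    return 0;
}
```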
Virtual address space management · CPC title
Space efficiency improvement · CPC title
Isolation or security of virtual machine instances · CPC title
Memory management, e.g. access or allocation · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title