Secure encryption key management in trust domains

US12174972B2 · US · B2

Patent metadata
Publication number: US-12174972-B2
Application number: US-202117464163-A
Country: US
Kind code: B2
Filing date: Sep 1, 2021
Priority date: Dec 20, 2018
Publication date: Dec 24, 2024
Grant date: Dec 24, 2024

Abstract

Official abstract text for this publication.

Implementations describe providing secure encryption key management in trust domains. In one implementation, a processing device includes a key ownership table (KOT) that is protected against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to create a trust domain (TD) and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least one of the TDRM or other TDs, the TDRM is to reference the KOT to obtain at least one unassigned host key identifier (HKID) utilized to encrypt a TD memory, the TDRM is to assign the HKID to the TD by marking the HKID in the KOT as assigned, and configure the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID.

First claim

Opening claim text (preview).

What is claimed is:

1. A processing device comprising: memory to store a key ownership data structure table (KODS) that is to be protected by a trust domain module against direct software access; and a processor core configurable to implement a trust domain module to maintain the KODS, wherein the KODS is to be used to manage host key identifiers (HKIDs) to at least assign HKIDs to a trust domain (TD) and revoke HKIDs from a TD, wherein the processor core is further configurable to execute a virtual machine monitor (VMM), wherein the trust domain module is configurable to respond to the VMM to: execute a function to create a TD and an encryption key corresponding to the TD, the encryption key to be identified by a guest key identifier (GKID) and protected against software access from at least other TDs; reference the KODS to obtain at least one unassigned HKID corresponding to the encryption key, the HKID utilized to encrypt a TD memory and assign the HKID to the TD by marking the HKID in the KODS as assigned; and configure the encryption key on the processing device by associating the encryption key with the HKID, wherein the assigned HKID and the configured encryption key allow the TD memory to be accessible by the TD, wherein responsive to determining that a number of unassigned HKIDs in the KODS are below a threshold, the trust domain module is to: reclaim the HKID from the TD by marking the HKID in the KODS; responsive to reclaiming the HKID, clear a memory cache on the processing device to delete data encrypted with the HKID from the memory cache; and mark the HKID as unassigned in the KODS.

2. The processing device of claim 1, wherein the trust domain module to reclaim the HKID from the TD further comprises the trust domain module to decouple the HKID from the TD.

3. The processing device of claim 1, wherein responsive to reclaiming the HKID from the TD, the trust domain module is to revive the TD by: assigning an unassigned HKID from the KODS to the TD; and configuring the encryption key on the processing device by associating the encryption key with the assigned HKID, wherein the assigned HKID and the configured encryption key allow the TD memory to be accessible by the TD.

4. The processing device of claim 1, wherein responsive to marking the HKID in the KODS as assigned, the trust domain module is to remove the HKID from a list of HKIDs assignable by the trust domain module to other TDs.

5. The processing device of claim 1, wherein the encryption key comprises an ephemeral random encryption key generated by the TD to be used exclusively by the TD.

6. The processing device of claim 1, wherein configuring the encryption key on the processing device further comprises to encrypt the TD memory by an encryption engine using the encryption key.

7. The processing device of claim 1, wherein the unassigned HKID comprises a host key ID designated for TD private memory encryption keys.

8. The processing device of claim 1, wherein the assigned HKID is to be stored in an access-controlled TD control structure (TDCS).

9. A method comprising: creating, by a trust domain module executing on a processing device to manage a trust domain (TD), a TD and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least other TDs; referencing, by a trust domain resource manager (TDRM), a key ownership data structure (KODS) that is protected against software access to obtain at least one unassigned host key identifier (HKID) corresponding to the randomly-generated encryption key, the HKID utilized to encrypt a TD memory, wherein the KODS is stored on the processing device; KODS assigning the HKID to the TD by marking the HKID in the KODS as assigned; and configuring the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID, wherein the assigned HKID and the configured randomly-generated encryption key allow the TD memory to be accessible by the TD.

10. The method of claim 9, wherein responsive to determining that a number of unassigned HKIDs in the KODS are below a threshold, further comprising: reclaiming, by the trust domain module, the HKID from the TD by marking the HKID in the KODS as reclaimed; responsive to reclaiming the HKID, clearing a memory cache on the processing device to delete data encrypted with the HKID from the memory cache; and marking the HKID as unassigned in the KODS.

11. The method of claim 10, wherein reclaiming the HKID from the TD further comprises decoupling the HKID from the TD.

12. The method of claim 10, wherein responsive to reclaiming the HKID from the TD, further comprising: reviving, by the trust domain module, the TD by: assigning an unassigned HKID from the KODS to the TD; and configuring the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the assigned HKID, wherein the assigned HKID and the configured randomly-generated encryption key allow the TD memory to be accessible by the TD.

13. The method of claim 9, wherein responsive to marking the HKID in the KODS as assigned, further comprising: removing, by the trust domain module, the HKID from a list of HKIDs assignable by the TDRM to other TDs.

14. The method of claim 9, wherein the randomly-generated encryption key comprises an ephemeral random encryption key generated by the TD to be used exclusively by the TD.

15. The method of claim 9, wherein configuring the randomly-generated encryption key on the processing device further comprises encrypting the TD memory by an encryption engine using the randomly-generated encryption key.

16. The method of claim 9, wherein the unassigned HKID comprises a host key ID designated for TD private memory encryption keys.

17. The method of claim 9, wherein the assigned HKID is stored in an access-controlled TD control structure (TDCS).

18. A system comprising: a memory device to store instructions; and a processing device operably coupled to the memory device, the processing device comprising: a key ownership data structure (KODS) that is protected against software access; and a processing core that is configurable to execute a trust domain module wherein the trust domain module is to, responsive to a virtual machine monitor (VMM): create a trust domain (TD) and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least other TDs; reference the KODS to obtain at least one unassigned host key identifier (HKID) corresponding to the randomly-generated encryption key, the HKID utilized to encrypt a TD memory; assign the HKID to the TD by marking the HKID in the KODS as assigned; and configure the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID, wherein the assigned HKID and the configured randomly-generated encryption key allow the TD memory to be accessible by the TD.

19. The system of claim 18, wherein responsive to reclaiming the HKID from the TD, the trust domain module is to revive the TD by: assigning an unassigned HKID from the KODS to the TD; and configuring the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the assigned H
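
The HKID lifecycle recited in claims 1 and 10 (assign, reclaim, clear the cache, mark unassigned), as an added C model that is not taken from the patent or from any Intel implementation. The state names, table size, threshold and function names are assumptions, and the cache clear is represented only by a flag so the ordering rule can be checked.

```c
/* Hypothetical model of the key ownership table; all names are assumptions. */
enum hkid_state { HKID_FREE, HKID_ASSIGNED, HKID_RECLAIMED };
enum { NUM_HKIDS = 4, NO_TD = -1, LOW_WATER = 1 };
struct kods_entry { enum hkid_state state; int td; int cache_flushed; };
static struct kods_entry kods[NUM_HKIDS];

void kods_init(void) {
    for (int i = 0; i < NUM_HKIDS; i++)
        kods[i] = (struct kods_entry){ HKID_FREE, NO_TD, 0 };
}

int kods_free_count(void) {
    int n = 0;
    for (int i = 0; i < NUM_HKIDS; i++) n += (kods[i].state == HKID_FREE);
    return n;
}

/* Reclaim trigger: number of unassigned HKIDs is below the threshold. */
int kods_needs_reclaim(void) { return kods_free_count() < LOW_WATER; }

/* Obtain an unassigned HKID and mark it assigned to the TD; -1 if none. */
int kods_assign(int td) {
    for (int i = 0; i < NUM_HKIDS; i++)
        if (kods[i].state == HKID_FREE) {
            kods[i] = (struct kods_entry){ HKID_ASSIGNED, td, 0 };
            return i;
        }
    return -1;
}

/* Reclaim: decouple the HKID from its TD; it is not yet assignable. */
int kods_reclaim(int hkid) {
    if (hkid < 0 || hkid >= NUM_HKIDS || kods[hkid].state != HKID_ASSIGNED) return -1;
    kods[hkid].state = HKID_RECLAIMED;
    kods[hkid].td = NO_TD;
    return 0;
}

/* Stand-in for clearing cached data encrypted with this HKID. */
int kods_cache_flush(int hkid) {
    if (hkid < 0 || hkid >= NUM_HKIDS || kods[hkid].state != HKID_RECLAIMED) return -1;
    kods[hkid].cache_flushed = 1;
    return 0;
}

/* Mark unassigned only after reclaim and cache clear, so no stale lines survive reuse. */
int kods_release(int hkid) {
    if (hkid < 0 || hkid >= NUM_HKIDS) return -1;
    if (kods[hkid].state != HKID_RECLAIMED || !kods[hkid].cache_flushed) return -1;
    kods[hkid].state = HKID_FREE;
    return 0;
}
```

The intermediate reclaimed state is what keeps an HKID from being handed to a second TD while cache lines encrypted under the first TD's key may still be resident.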

Classifications

  • using a plurality of keys or algorithms
  • involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067)
  • with dedicated cache, e.g. instruction or stack
  • Key-lock mechanism
  • Encrypted data

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/602. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 24, 2024 (B2). Legal status and post-grant events are not shown on this page.