Memory management in secure enclaves

What is claimed is: 1. A processor comprising: an instruction unit to receive a first instruction, a second instruction, and a third instruction; and an execution unit to execute the first instruction, wherein execution of the first instruction includes allocating a first page in an enclave page cache to a secure enclave, execution of the second instruction in connection with execution of the first instruction includes confirming the allocating of the first page, execution of the third instruction includes de-allocating the first page in the enclave page cache from the secure enclave and setting a modified indicator in an entry for the first page in the enclave page cache map, wherein the first page is not modifiable while the modified indicator is set, and execution of the second instruction in connection with execution of the third instruction includes confirming the de-allocating of the first page and clearing the modified indicator. 2. The processor of claim 1 , wherein execution of the first instruction also includes setting a pending indicator in an entry for the first page in an enclave page cache map. 3. The processor of claim 2 , wherein execution of the second instruction also includes clearing the pending indicator. 4. The processor of claim 2 , wherein the first page is not accessible by the secure enclave while the pending indicator is set. 5. A method comprising: receiving a first request from a secure enclave for more memory space in an enclave page cache; receiving a first instruction from an operating system; in response to receiving the first instruction, allocating a first page in the enclave page cache to the secure enclave; receiving a second instruction from the secure enclave in connection with executing the first instruction; in response to receiving the second instruction, confirming the allocating of the first page; receiving a second request from the secure enclave to de-allocate the first page in the enclave page cache; receiving a third instruction from the operating system; in response to receiving the third instruction, de-allocating the first page and setting a modified indicator in an entry for the second page in an enclave page cache map wherein the first page is not modifiable while the modified indicator is set; receiving the second instruction from the secure enclave in connection with executing the third instruction; and in response to receiving the second instruction, confirming the de-allocating of the first page and clearing the modified indicator. 6. The method of claim 5 , further comprising, in response to receiving the first instruction, setting a pending indicator in an entry for the first page in an enclave page cache map. 7. The method of claim 6 , further comprising, in response to receiving the second instruction, clearing the pending indicator. 8. The method of claim 7 , wherein the first page is not accessible by the secure enclave while the pending indicator is set. 9. A system comprising: a memory; and a processor including an instruction unit to receive a first instruction, a second instruction, and a third instruction; and an execution unit to execute the first instruction, wherein execution of the first instruction includes allocating a first page in an enclave page cache to a secure enclave, execution of the second instruction in connection with execution of the first instruction includes confirming the allocating of the first page, execution of the third instruction includes de-allocating the first page in the enclave page cache from the secure enclave and setting a modified indicator in an entry for the first page in the enclave page cache map, wherein the first page is not modifiable while the modified indicator is set, and execution of the second instruction in connection with execution of the third instruction includes confirming the de-allocating of the first page and clearing the modified indicator.