Understand the TPM Storage Root Key

Applies To: Windows 7, Windows Server 2008 R2

The storage root key is embedded in the Trusted Platform Module (TPM) security hardware. It is used to protect TPM keys created by applications, so that these keys cannot be used without the TPM.

Unlike the endorsement key (which is generally created when the TPM is manufactured), the storage root key is created when you take ownership of the TPM. This means that if you clear the TPM and a new user takes ownership, a new storage root key is created.
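The consequence of clearing the TPM and taking ownership again can be seen in a small software model. This is an added example, not Microsoft or TCG code: the `ToyTpm` class, its methods and the sample key are hypothetical, and the HMAC-based wrapping is a stand-in for the key protection a real TPM performs inside the hardware.

```python
import hashlib, hmac, os

class ToyTpm:
    """Hypothetical software model; a real SRK never leaves the TPM hardware."""
    def __init__(self):
        self._srk = None                  # no SRK until ownership is taken

    def take_ownership(self):
        self._srk = os.urandom(32)        # new owner, new storage root key

    def clear(self):
        self._srk = None                  # clearing discards the SRK

    def _subkeys(self, nonce):
        if self._srk is None:
            raise RuntimeError("TPM has no owner, so there is no SRK")
        enc = hmac.new(self._srk, b"enc" + nonce, hashlib.sha256).digest()
        mac = hmac.new(self._srk, b"mac", hashlib.sha256).digest()
        return enc, mac

    def wrap(self, app_key):
        """Protect an application key (up to 32 bytes) under the current SRK."""
        if len(app_key) > 32:
            raise ValueError("this model wraps at most 32 bytes")
        nonce = os.urandom(16)
        enc, mac = self._subkeys(nonce)
        ct = bytes(a ^ b for a, b in zip(app_key, enc))
        return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

    def unwrap(self, blob):
        """Return the application key; fail if the blob's SRK is gone."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        enc, mac = self._subkeys(nonce)
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob was not wrapped under this TPM's current SRK")
        return bytes(a ^ b for a, b in zip(ct, enc))

def usable_after_clear(app_key=b"constructed sample key material!"):
    """Wrap a key, clear the TPM, take ownership again, then try to unwrap."""
    tpm = ToyTpm()
    tpm.take_ownership()
    blob = tpm.wrap(app_key)
    before = tpm.unwrap(blob) == app_key  # usable while the SRK is unchanged
    tpm.clear()
    tpm.take_ownership()
    try:
        return before, tpm.unwrap(blob) == app_key
    except ValueError:
        return before, False              # old blob is rejected under the new SRK
```

`usable_after_clear()` returns whether the wrapped key could be used before and after the clear, which is why keys protected under the old storage root key have to be created again once a new owner takes ownership.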

The storage root key is defined by the Trusted Computing Group (TCG). For more information, consult the "TCG Architecture overview" specification document available from the TCG Web site (https://go.microsoft.com/fwlink/?LinkId=69584).
