Learn more about the TPM storage root key

Applies To: Windows Server 2008

The storage root key is embedded in the TPM security hardware. It is used to protect TPM keys created by applications, so that these keys cannot be used without the TPM.

Unlike the endorsement key (which is generally created when the TPM is manufactured), the storage root key is created when you take ownership of the TPM. This means that if you clear the TPM and a new user takes ownership, a new storage root key is created.

The storage root key is defined by the Trusted Computing Group. For more information, consult the “TCG Architecture overview” specification document available from the Trusted Computing Group Web site (https://go.microsoft.com/fwlink/?LinkId=69584).

Additional references