TPM and Storage of Keys
A TPM hardware device has very limited protected non-volatile memory, just enough to store the EK (Endorsement Key) and SRK (Storage Root Key). However, it allows an unlimited number of symmetric keys to be stored safely on an otherwise vulnerable HDD.
The Storage Root Key (SRK) is used to wrap TPM-protected keys, which can then be stored outside the TPM. Data stored outside the TPM in this way can be decrypted by passing it back through the TPM for a decryption operation.
Keys wrapped by the SRK can themselves be used to wrap other keys, creating a key hierarchy of parent key and child keys. To load a child key, the parent key must be loaded first. Once the child key is loaded, the parent key can be unloaded from the TPM to free up TPM chip resources.
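The parent/child loading rule above can be seen in a small model. This is an added example, not code from the original page or from any TPM library: `ToyTPM`, `wrap`, `unwrap` and the slot count are hypothetical names, and an HMAC-SHA256 keystream with a MAC stands in for the TPM's real wrapping algorithm.

```python
import hashlib, hmac, os

def _prf(key, label, n=32):
    # HMAC-SHA256 in counter mode: keystream / MAC-key derivation (stdlib stand-in)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(parent, secret):
    # Encrypt-then-MAC under the parent key; the result is safe to keep on disk
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _prf(parent, b"enc" + nonce, len(secret))))
    tag = hmac.new(_prf(parent, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(parent, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_prf(parent, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("blob was not wrapped by this parent")
    return bytes(a ^ b for a, b in zip(ct, _prf(parent, b"enc" + nonce, len(ct))))

class ToyTPM:
    SRK = 0  # handle of the root key, which never leaves the device

    def __init__(self, slots=2):
        self._keys = {self.SRK: os.urandom(32)}
        self._slots, self._next = slots, 1  # slots = room for loaded non-root keys

    def create(self, parent):
        """Generate a key under a loaded parent; return only the wrapped blob."""
        return wrap(self._keys[parent], os.urandom(32))

    def load(self, parent, blob):
        if parent not in self._keys:
            raise KeyError("parent key must be loaded first")
        if len(self._keys) - 1 >= self._slots:
            raise MemoryError("no free key slot; unload a key first")
        key = unwrap(self._keys[parent], blob)
        handle, self._next = self._next, self._next + 1
        self._keys[handle] = key
        return handle

    def unload(self, handle):
        if handle != self.SRK:  # the SRK is persistent
            self._keys.pop(handle, None)

    def is_loaded(self, handle):
        return handle in self._keys
```

Only wrapped blobs ever reach the caller, so the number of keys is bounded by disk space rather than by the model's slot count; a child blob loads only under the parent that wrapped it, and stays loaded after that parent is unloaded.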