Do you understand the root process of encryption systems? The TPN algorithm is most likely a product of a root encryption system. IOW, all keys generated by a TPM can be unlocked by the root system. And it’s likely proactive. The TPM device with a new key probably ‘checks in’ with the root when a new key is created, retaining decryption of the TPM system.
Is that a rhetorical question? Do you understand the basics of a TPM? The TPM hash is generated when the TPM is first powered on. It is unique to the hardware configuration of the machine. Meaning the algorithm generated is like a fingerprint. It’s unique to the machine. The likelihood of the TPM hash being identical to another system, even one that is built identical to another, is infinitesimal.
There’s no root check-in. It’s not like a CA chain. The TPM IS the CA. It is the top-level certification authority for the machine. Hence the name Trusted Platform Module. It’s proof of the existence of the machine based on its unique fingerprint. The private key is generated by the newly-created hash, stored on the TPM, and it’s not even accessible by the owner.
So a 1024-bit hash, salted with whatever algorithm the manufacturer chooses, followed by a 1024-bit or greater private key means its basically inviolable. Even with the salt algorithm, the private key cannot be readily decrypted.