wolvoleo 3 hours ago

A TPM is a form of HSM (Hardware Security Module). HSMs come in all sizes, from a chip in your phone (secure element) or even a dedicated part of a SoC chip, to a big box in a datacenter that can handle tons of requests per second. The idea is having dedicated hardware to protect the private key material. This hardware can execute signing operations, so it can use the key but it can't share the key material itself. It is usually also physically hardened against techniques to extract said keys, like side-channel attacks based on power draw, X-ray inspection, decapping, etc.
firesteelrain 2 hours ago | parent

Thanks - I know the difference. This also sounds very AI-like.