Which component generates and stores cryptographic keys and is less susceptible to tampering and insider threats?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which component generates and stores cryptographic keys and is less susceptible to tampering and insider threats?

Explanation:
This question focuses on secure key management in hardware. A hardware security module is designed to generate cryptographic keys within its secure boundary, store those keys securely, and perform cryptographic operations inside the device. Its physical tamper-resistant design, strong access controls, and built-in auditing help prevent keys from being exposed or extracted, even if the host system or operators are compromised. That makes it much less susceptible to tampering and insider threats, because the sensitive material never leaves the secure module in usable form. A root of trust is the foundational level that ensures overall trust, and it can be realized in hardware, but the component that directly generates and stores keys in a protected environment is the hardware security module. Attestation relates to proving the integrity of a system, and privacy concerns data protection, not specifically the secure key storage and generation described here.

