App note from Silicon Labs on their EFR32 device secure features Key encryption. Link here (PDF)
Secure Key Storage is a feature in Secure Vault-enabled Series 2 devices that allows for the protection of cryptographic keys by key wrapping. User keys are encrypted by the device’s root key for non-volatile storage for later usage. This prevents the need for a key to be stored in plaintext format on the device, preventing attackers from gaining access to the keys through traditional flash-extraction or application attacks, and allowing for a potentially unlimited number of keys to be securely stored in any available storage.