In a fault attack, an adversary injects faults into the processor state during execution of a cryprographic software. Then the adversary exploits the injected faults to retrieve the secret information. Disclosed is a technique for the recovery of fault-free microprocessor state in case of a fault attack. Two shadow flip-flops are employed to maintain the fault-free content of an original microprocessor flip-flop. Every clock cycle, only one of the shadow flip-flops is updated. In case of a fault detection, the update of the shadow flip-flops are suspended. This ensures that one of the shadow flip-flops contains the pre-fault (fault-free) content of the original flip-flop. Then the software can rely on the content of the fault-free show flip-flop to restore the pre-fault content of the original flip-flop and apply an application-specific fault response policy. Therefore, the disclosed technique provides a single point of trust for fault recovery and enables flexible fault response strategies.