A computer implemented method for recovering a partition context in the
event of a system or hardware device failure. Upon receiving a command
from a partition to modify context data in a trusted platform module
(TPM) hardware device, a trusted platform module input/output host
partition (TMPIOP) provides an encrypted copy of the context data and the
command to the TPM hardware device, which processes the command and
updates the context data. If the TPM hardware device successfully
processes the command, the TMPIOP receives the updated context data from
the TPM hardware device and stores the updated context data received in
encrypted form in a context data cache or a non-volatile storage
off-board the TPM hardware device. If the TPM hardware device fails to
successfully process the command, the TMPIOP uses a last valid copy of
the context data to retry processing of the command on a different TPM
hardware device.