diff --git a/embed/extmod/modtrezorconfig/modtrezorconfig.c b/embed/extmod/modtrezorconfig/modtrezorconfig.c
index 2857137b30..0f50612caf 100644
--- a/embed/extmod/modtrezorconfig/modtrezorconfig.c
+++ b/embed/extmod/modtrezorconfig/modtrezorconfig.c
@@ -41,6 +41,19 @@ STATIC mp_obj_t mod_trezorconfig_init(void) {
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_init_obj, mod_trezorconfig_init);
 
+/// def check_pin(pin: int, waitcallback: (int, int -> None)) -> bool:
+///     '''
+///     Check the given PIN. Returns True on success, False on failure.
+///     '''
+STATIC mp_obj_t mod_trezorconfig_check_pin(mp_obj_t pin, mp_obj_t waitcallback) {
+    uint32_t pin_i = mp_obj_get_int(pin);
+    if (sectrue != storage_check_pin(pin_i, waitcallback)) {
+        return mp_const_false;
+    }
+    return mp_const_true;
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_check_pin_obj, mod_trezorconfig_check_pin);
+
 /// def unlock(pin: int, waitcallback: (int, int -> None)) -> bool:
 ///     '''
 ///     Attempts to unlock the storage with given PIN.  Returns True on
@@ -134,6 +147,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_wipe_obj, mod_trezorconfig_wip
 STATIC const mp_rom_map_elem_t mp_module_trezorconfig_globals_table[] = {
     { MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_trezorconfig) },
     { MP_ROM_QSTR(MP_QSTR_init), MP_ROM_PTR(&mod_trezorconfig_init_obj) },
+    { MP_ROM_QSTR(MP_QSTR_check_pin), MP_ROM_PTR(&mod_trezorconfig_check_pin_obj) },
     { MP_ROM_QSTR(MP_QSTR_unlock), MP_ROM_PTR(&mod_trezorconfig_unlock_obj) },
     { MP_ROM_QSTR(MP_QSTR_has_pin), MP_ROM_PTR(&mod_trezorconfig_has_pin_obj) },
     { MP_ROM_QSTR(MP_QSTR_change_pin), MP_ROM_PTR(&mod_trezorconfig_change_pin_obj) },
diff --git a/embed/extmod/modtrezorconfig/storage.c b/embed/extmod/modtrezorconfig/storage.c
index 4e9ff13cfe..6f1a4b19e4 100644
--- a/embed/extmod/modtrezorconfig/storage.c
+++ b/embed/extmod/modtrezorconfig/storage.c
@@ -131,7 +131,7 @@ static secbool pin_get_fails(const uint32_t **pinfail, uint32_t *pofs)
     return sectrue;
 }
 
-static secbool pin_check(uint32_t pin, mp_obj_t callback)
+secbool storage_check_pin(uint32_t pin, mp_obj_t callback)
 {
     const uint32_t *pinfail = NULL;
     uint32_t ofs;
@@ -185,7 +185,7 @@ static secbool pin_check(uint32_t pin, mp_obj_t callback)
 secbool storage_unlock(const uint32_t pin, mp_obj_t callback)
 {
     unlocked = secfalse;
-    if (sectrue == initialized && sectrue == pin_check(pin, callback)) {
+    if (sectrue == initialized && sectrue == storage_check_pin(pin, callback)) {
         unlocked = sectrue;
     }
     return unlocked;
@@ -228,7 +228,7 @@ secbool storage_change_pin(const uint32_t pin, const uint32_t newpin, mp_obj_t c
     if (sectrue != initialized || sectrue != unlocked) {
         return secfalse;
     }
-    if (sectrue != pin_check(pin, callback)) {
+    if (sectrue != storage_check_pin(pin, callback)) {
         return secfalse;
     }
     return norcow_set(PIN_KEY, &newpin, sizeof(uint32_t));
diff --git a/embed/extmod/modtrezorconfig/storage.h b/embed/extmod/modtrezorconfig/storage.h
index e775d47108..de6a38cf1b 100644
--- a/embed/extmod/modtrezorconfig/storage.h
+++ b/embed/extmod/modtrezorconfig/storage.h
@@ -24,9 +24,9 @@
 
 void storage_init(void);
 void storage_wipe(void);
+secbool storage_check_pin(uint32_t pin, mp_obj_t callback);
 secbool storage_unlock(const uint32_t pin, mp_obj_t callback);
 secbool storage_has_pin(void);
-uint32_t storage_pin_wait_time(void);
 secbool storage_change_pin(const uint32_t pin, const uint32_t newpin, mp_obj_t callback);
 secbool storage_get(uint16_t key, const void **val, uint16_t *len);
 secbool storage_set(uint16_t key, const void *val, uint16_t len);
diff --git a/src/apps/management/change_pin.py b/src/apps/management/change_pin.py
index fa67b0ad03..f035f8a23d 100644
--- a/src/apps/management/change_pin.py
+++ b/src/apps/management/change_pin.py
@@ -1,5 +1,4 @@
-from trezor import ui
-from trezor import config
+from trezor import config, loop, ui
 from trezor.pin import pin_to_int, show_pin_timeout
 
 
@@ -13,6 +12,21 @@ async def request_pin(ctx, *args, **kwargs):
     return await request_pin(*args, **kwargs)
 
 
+@ui.layout
+async def pin_mismatch():
+    from trezor.ui.text import Text
+
+    text = Text(
+        'PIN mismatch', ui.ICON_DEFAULT,
+        'Entered PINs do not',
+        'match each other.',
+        '',
+        'Please, try again...',
+    )
+    text.render()
+    await loop.sleep(3 * 1000 * 1000)
+
+
 async def request_pin_confirm(ctx, *args, **kwargs):
     from trezor.messages import PinMatrixRequestType
 
@@ -23,7 +37,7 @@ async def request_pin_confirm(ctx, *args, **kwargs):
             ctx, code=PinMatrixRequestType.NewSecond, *args, **kwargs)
         if pin1 == pin2:
             return pin1
-        # TODO: display a message and wait
+        await pin_mismatch()
 
 
 def confirm_change_pin(ctx, msg):
@@ -59,6 +73,8 @@ async def layout_change_pin(ctx, msg):
     await confirm_change_pin(ctx, msg)
     if config.has_pin():
         curr_pin = await request_pin(ctx, PinMatrixRequestType.Current)
+        if not config.check_pin(pin_to_int(curr_pin), show_pin_timeout):
+            return Failure(code=FailureType.PinInvalid, message='PIN invalid')
     else:
         curr_pin = ''
     if msg.remove: