diff --git a/core/SConscript.firmware b/core/SConscript.firmware
index 30cb32f2ec..8fb1f7d8ff 100644
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@@ -794,15 +794,17 @@ cmake_gen = env.Command(
 MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
 if BOOTLOADER_QA:
- VENDORHEADER = 'embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
 BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
 elif PRODUCTION:
- VENDORHEADER = 'embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin'
- BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
+elif TREZOR_MODEL == 'R':
+ # XXX workaround for currently missing prod-signed vendorheader for T2B1
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
 else:
- VENDORHEADER = 'embed/vendorheader/vendorheader_unsafe_signed_prod.bin'
- BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
 obj_program.extend(
 env.Command(
diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest
index efb2a4aeaa..cf196f4540 100644
--- a/core/SConscript.prodtest
+++ b/core/SConscript.prodtest
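Review bot: In `core/SConscript.firmware` the new `elif TREZOR_MODEL == 'R':` branch silently gives non-production, non-QA builds of that model the dev-signed `vendorheader_unsafe_signed_dev.bin`, while every other model falls through to `vendorheader_unsafe_signed_prod.bin`, and the `XXX` comment does not say when the branch can be removed. Because it sits after `elif PRODUCTION:`, production builds are not touched by the workaround. I would state the removal condition in the comment, e.g. `# TODO: remove once T2B1/vendorheader_unsafe_signed_prod.bin is committed; until then model R dev images carry a dev-signed vendor header`, so the substitution is not mistaken for the permanent behaviour.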
@@ -193,7 +193,9 @@ obj_program.extend(env.Object(source=SOURCE_PRODTEST))
 obj_program.extend(env.Object(source=SOURCE_STMHAL))
 obj_program.extend(env.Object(source=SOURCE_TREZORHAL))
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_prod.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'prodtest_signed_prod.bin')
 obj_program.extend(
 env.Command(
diff --git a/core/SConscript.reflash b/core/SConscript.reflash
index e3114886db..17528270da 100644
--- a/core/SConscript.reflash
+++ b/core/SConscript.reflash
@@ -181,7 +181,9 @@ obj_program += env.Object(source=SOURCE_REFLASH)
 obj_program += env.Object(source=SOURCE_STMHAL)
 obj_program += env.Object(source=SOURCE_TREZORHAL)
-VENDORHEADER = 'embed/vendorheader/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
+MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
+
+VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_' + ('unsafe_signed_dev.bin' if ARGUMENTS.get('PRODUCTION', '0') == '0' else 'satoshilabs_signed_prod.bin')
 obj_program.extend(
 env.Command(
diff --git a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
new file mode 100644
index 0000000000..77aa812863
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
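Review bot: In `core/SConscript.prodtest` neither filename this expression can produce is added for T2B1 in the part of the commit shown: the `T2B1/` directory gets no `vendorheader_unsafe_signed_prod.bin` and no prodtest header (there is no `T2B1/vendor_prodtest.json` either), yet unlike `SConscript.firmware` there is no fallback here. Unless those files come from elsewhere, a prodtest build for that model presumably stops on a missing source file. The `PRODUCTION` side of the `core/SConscript.reflash` hunk has the same gap, since only `T2B1/vendorheader_satoshilabs_unsigned.bin` is added. If that is intended for now, say so next to the assignment, e.g. `# NOTE: prodtest vendor headers exist only for T2T1; other models fail here until theirs are added`.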
@@ -0,0 +1,19 @@
+{
+ "header_len": 4608,
+ "text": "QA ONLY, DO NOT USE!",
+ "hw_model": "T2B1",
+ "expiry": 0,
+ "version": [0, 0],
+ "sig_m": 2,
+ "trust": {
+ "show_vendor_string": false,
+ "require_user_click": false,
+ "red_background": false,
+ "delay": 0
+ },
+ "pubkeys": [
+ "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+ "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+ "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+ ]
+}
diff --git a/core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.toif
rename to core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
diff --git a/core/embed/vendorheader/T2B1/vendor_satoshilabs.json b/core/embed/vendorheader/T2B1/vendor_satoshilabs.json
new file mode 100644
index 0000000000..f89f57049e
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_satoshilabs.json
@@ -0,0 +1,19 @@
+{
+ "header_len": 4608,
+ "text": "SatoshiLabs",
+ "hw_model": "T2B1",
+ "expiry": 0,
+ "version": [0, 0],
+ "sig_m": 2,
+ "trust": {
+ "show_vendor_string": false,
+ "require_user_click": false,
+ "red_background": false,
+ "delay": 0
+ },
+ "pubkeys": [
+ "bf4e6f004fcb32cec683f22c88c1a86c1518c6de8ac97002d84a63bea3e375dd",
+ "d2def691c1e9d809d8190cf7af935c10688f68983479b4ee9abac19104878ec1",
+ "07c85134946bf89fa19bdc2c5e5ff9ce01296508ee0863d0ff6d63331d1a2516"
+ ]
+}
diff --git a/core/embed/vendorheader/T2B1/vendor_satoshilabs.toif b/core/embed/vendorheader/T2B1/vendor_satoshilabs.toif
new file mode 100644
index 0000000000..4ba1fc365a
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendor_satoshilabs.toif differ
diff --git a/core/embed/vendorheader/T2B1/vendor_unsafe.json b/core/embed/vendorheader/T2B1/vendor_unsafe.json
new file mode 100644
index 0000000000..41699ae41c
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_unsafe.json
@@ -0,0 +1,19 @@
+{
+ "header_len": 4608,
+ "text": "UNSAFE, DO NOT USE!",
+ "hw_model": "T2B1",
+ "expiry": 0,
+ "version": [0, 0],
+ "sig_m": 2,
+ "trust": {
+ "show_vendor_string": true,
+ "require_user_click": true,
+ "red_background": true,
+ "delay": 1
+ },
+ "pubkeys": [
+ "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+ "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+ "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+ ]
+}
diff --git a/core/embed/vendorheader/T2B1/vendor_unsafe.toif b/core/embed/vendorheader/T2B1/vendor_unsafe.toif
new file mode 100644
index 0000000000..bb96de5fcb
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendor_unsafe.toif differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
new file mode 100644
index 0000000000..fac4d1b465
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
new file mode 100644
index 0000000000..5c4a762e52
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin
new file mode 100644
index 0000000000..e0c06fb39e
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendorheader_satoshilabs_unsigned.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin
new file mode 100644
index 0000000000..df3c90c1ec
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendorheader_unsafe_signed_dev.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin
new file mode 100644
index 0000000000..3fe85ef073
Binary files /dev/null and b/core/embed/vendorheader/T2B1/vendorheader_unsafe_unsigned.bin differ
diff --git a/core/embed/vendorheader/vendor_prodtest.json b/core/embed/vendorheader/T2T1/vendor_prodtest.json
similarity index 100%
rename from core/embed/vendorheader/vendor_prodtest.json
rename to core/embed/vendorheader/T2T1/vendor_prodtest.json
diff --git a/core/embed/vendorheader/vendor_prodtest.toif b/core/embed/vendorheader/T2T1/vendor_prodtest.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_prodtest.toif
rename to core/embed/vendorheader/T2T1/vendor_prodtest.toif
diff --git a/core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
similarity index 100%
rename from core/embed/vendorheader/vendor_qa_DO_NOT_SIGN.json
rename to core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
diff --git a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
new file mode 120000
index 0000000000..32ec8b2595
--- /dev/null
+++ b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
@@ -0,0 +1 @@
+vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/vendor_satoshilabs.json b/core/embed/vendorheader/T2T1/vendor_satoshilabs.json
similarity index 100%
rename from core/embed/vendorheader/vendor_satoshilabs.json
rename to core/embed/vendorheader/T2T1/vendor_satoshilabs.json
diff --git a/core/embed/vendorheader/vendor_satoshilabs.toif b/core/embed/vendorheader/T2T1/vendor_satoshilabs.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_satoshilabs.toif
rename to core/embed/vendorheader/T2T1/vendor_satoshilabs.toif
diff --git a/core/embed/vendorheader/vendor_unsafe.json b/core/embed/vendorheader/T2T1/vendor_unsafe.json
similarity index 100%
rename from core/embed/vendorheader/vendor_unsafe.json
rename to core/embed/vendorheader/T2T1/vendor_unsafe.json
diff --git a/core/embed/vendorheader/vendor_unsafe.toif b/core/embed/vendorheader/T2T1/vendor_unsafe.toif
similarity index 100%
rename from core/embed/vendorheader/vendor_unsafe.toif
rename to core/embed/vendorheader/T2T1/vendor_unsafe.toif
diff --git a/core/embed/vendorheader/vendorheader_prodtest_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_prodtest_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_prodtest_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_prodtest_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_prodtest_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_prodtest_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_prodtest_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_prodtest_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
rename to core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
diff --git a/core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_satoshilabs_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_satoshilabs_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_satoshilabs_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_satoshilabs_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_satoshilabs_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_satoshilabs_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_satoshilabs_unsigned.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_dev.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_signed_dev.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_dev.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_signed_prod.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_prod.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_signed_prod.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_signed_prod.bin
diff --git a/core/embed/vendorheader/vendorheader_unsafe_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_unsafe_unsigned.bin
similarity index 100%
rename from core/embed/vendorheader/vendorheader_unsafe_unsigned.bin
rename to core/embed/vendorheader/T2T1/vendorheader_unsafe_unsigned.bin
diff --git a/core/embed/vendorheader/generate.sh b/core/embed/vendorheader/generate.sh
index ae8b1d7579..1ef321f003 100755
--- a/core/embed/vendorheader/generate.sh
+++ b/core/embed/vendorheader/generate.sh
@@ -1,16 +1,24 @@
-BUILDVH=../../tools/build_vendorheader
-BINCTL=../../tools/headertool.py
+#!/usr/bin/env bash
 cd $(dirname $0)
-# construct all vendor headers
-for fn in *.json; do
- name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
- $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
-done
+BUILDVH=$(realpath ../../tools/build_vendorheader)
+BINCTL=$(realpath ../../tools/headertool.py)
-# sign dev and QA vendor header
-for name in unsafe qa_DO_NOT_SIGN; do
- cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
- $BINCTL -D vendorheader_${name}_signed_dev.bin
+MODELS=(T2T1 T2B1)
+
+for MODEL in ${MODELS[@]}; do
+ cd $MODEL
+ # construct all vendor headers
+ for fn in *.json; do
+ name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
+ $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
+ done
+
+ # sign dev and QA vendor header
+ for name in unsafe qa_DO_NOT_SIGN; do
+ cp -a vendorheader_${name}_unsigned.bin vendorheader_${name}_signed_dev.bin
+ $BINCTL -D vendorheader_${name}_signed_dev.bin
+ done
+ cd ..
 done
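Review bot: The new per-model loop in `generate.sh` runs `cd $MODEL` and `cd ..` with no error handling, and the script has no `set -e`, so a missing or misnamed model directory leaves the inner loops running in the parent directory and the trailing `cd ..` then steps out of `vendorheader/` for the next iteration. A failed `$BUILDVH` is likewise ignored, so a stale `vendorheader_${name}_unsigned.bin` from an earlier run would still be copied and dev-signed. I would add `set -e` directly under the shebang and quote the expansions: `for MODEL in "${MODELS[@]}"; do` and `cd "$MODEL"`.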