diff --git a/common.c b/common.c
index 8489e02b8..7d019ec31 100644
--- a/common.c
+++ b/common.c
@@ -24,6 +24,8 @@
 #include "oled.h"
 #include "firmware/usb.h"
 
+uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
 static void __attribute__((noreturn)) shutdown(void)
 {
     for (;;);
diff --git a/common.h b/common.h
index 9a40d000f..912f73c54 100644
--- a/common.h
+++ b/common.h
@@ -23,6 +23,9 @@
 #include <stdint.h>
 #include "secbool.h"
 
+#define HW_ENTROPY_LEN 12
+extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
+
 void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func);
 void __attribute__((noreturn)) error_shutdown(const char *line1, const char *line2, const char *line3, const char *line4);
 
diff --git a/firmware/config.c b/firmware/config.c
index aeda096af..af55fccf1 100644
--- a/firmware/config.c
+++ b/firmware/config.c
@@ -279,8 +279,7 @@ static bool config_upgrade_v10(void)
         }
     }
 
-    // TODO Add salt.
-    storage_init(NULL, (const uint8_t*)"", 0);
+    storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
     storage_unlock(PIN_EMPTY);
     if (config.has_pin) {
         storage_change_pin(PIN_EMPTY, pin_to_int(config.pin));
@@ -344,8 +343,7 @@ void config_init(void)
 {
     config_upgrade_v10();
 
-    // TODO Add salt.
-    storage_init(&protectPinUiCallback, (const uint8_t*)"", 0);
+    storage_init(&protectPinUiCallback, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
 
     uint16_t len = 0;
     if (sectrue == storage_get(KEY_UUID, config_uuid, sizeof(config_uuid), &len) && len == sizeof(config_uuid)) {
diff --git a/firmware/trezor.c b/firmware/trezor.c
index 30a9e3746..fd5957802 100644
--- a/firmware/trezor.c
+++ b/firmware/trezor.c
@@ -17,6 +17,7 @@
  * along with this library.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "common.h"
 #include "trezor.h"
 #include "oled.h"
 #include "bitmaps.h"
@@ -31,6 +32,8 @@
 #include "buttons.h"
 #include "gettext.h"
 #include "bl_check.h"
+#include "memzero.h"
+#include <libopencm3/stm32/desig.h>
 
 /* Screen timeout */
 uint32_t system_millis_lock_start;
@@ -86,6 +89,13 @@ void check_lock_screen(void)
 
 int main(void)
 {
+#if EMULATOR
+    memzero(HW_ENTROPY_DATA, HW_ENTROPY_LEN);
+    HW_ENTROPY_DATA[0] = 1;
+#else
+    desig_get_unique_id((uint32_t*)HW_ENTROPY_DATA);
+#endif
+
 #ifndef APPVER
 	setup();
 	__stack_chk_guard = random32(); // this supports compiler provided unpredictable stack protection checks