diff --git a/core/SConscript.firmware b/core/SConscript.firmware
index 80d905229..f8782ab35 100644
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@@ -744,12 +744,12 @@ cmake_gen = env.Command(
 MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
 BOOTLOADER_SUFFIX = MODEL_IDENTIFIER
 if BOOTLOADER_QA:
- VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin'
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin'
 BOOTLOADER_SUFFIX = MODEL_IDENTIFIER + '_qa'
 elif PRODUCTION:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_satoshilabs_signed_prod.bin'
 elif BOOTLOADER_DEVEL:
- VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin'
 else:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
diff --git a/core/SConscript.prodtest b/core/SConscript.prodtest
index 91ca10753..621517d29 100644
--- a/core/SConscript.prodtest
+++ b/core/SConscript.prodtest
@@ -167,7 +167,7 @@ MODEL_IDENTIFIER = tools.get_model_identifier(TREZOR_MODEL)
 if PRODUCTION:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_prodtest_signed_prod.bin'
 elif BOOTLOADER_DEVEL:
- VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_dev.bin'
+ VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin'
 else:
 VENDORHEADER = f'embed/vendorheader/{MODEL_IDENTIFIER}/vendorheader_unsafe_signed_prod.bin'
diff --git a/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.json b/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.json
new file mode 100644
index 000000000..7bdc03ecc
--- /dev/null
+++ b/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.json
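Review bot: Both the `if BOOTLOADER_QA:` and `elif BOOTLOADER_DEVEL:` branches in core/SConscript.firmware now assign the identical `vendorheader_dev_DO_NOT_SIGN_signed_dev.bin` path, and the same literal is repeated in the `elif BOOTLOADER_DEVEL:` branch of core/SConscript.prodtest, with no comment saying how this header differs from the `unsafe` one it replaces. Because `BOOTLOADER_QA` is tested before `PRODUCTION`, a build with both set would embed the dev-key header rather than the production one; if that precedence is intended, it deserves a line of documentation. I would add above each chain a comment such as `# dev_DO_NOT_SIGN: signed with the dev keys only, must never be signed with production keys; BOOTLOADER_QA is checked before PRODUCTION`. Both selection chains sit at module level and continue outside their hunks.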
@@ -0,0 +1,20 @@
+{
+ "header_len": 4608,
+ "text": "DEV ONLY, DO NOT USE!",
+ "hw_model": "D001",
+ "expiry": 0,
+ "version": [0, 0],
+ "sig_m": 2,
+ "trust": {
+ "allow_run_with_secret": false,
+ "show_vendor_string": false,
+ "require_user_click": false,
+ "red_background": false,
+ "delay": 0
+ },
+ "pubkeys": [
+ "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+ "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+ "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+ ]
+}
diff --git a/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.toif b/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.toif
new file mode 120000
index 000000000..1fc944393
--- /dev/null
+++ b/core/embed/vendorheader/D001/vendor_dev_DO_NOT_SIGN.toif
@@ -0,0 +1 @@
+./vendor_unsafe.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
new file mode 100644
index 000000000..dc01833e6
Binary files /dev/null and b/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
new file mode 100644
index 000000000..2fee42f97
Binary files /dev/null and b/core/embed/vendorheader/D001/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.json
similarity index 93%
rename from core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
rename to core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.json
index 325e759e8..1d75f08d8 100644
--- a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.json
+++ b/core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.json
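Review bot: The new D001 `trust` block sets `show_vendor_string`, `require_user_click` and `red_background` to false with `delay` 0, so, assuming these flags gate the bootloader's warning screen, firmware under this header would start with no visible sign that it is a development build, and the `"DEV ONLY, DO NOT USE!"` text would presumably never be displayed. That leaves the `DO_NOT_SIGN` file name as the only guard against this header reaching a production signing run. JSON cannot carry a comment, so the rationale belongs in the vendorheader documentation or the commit message, for example `dev_DO_NOT_SIGN: dev keys only, boots without warnings; never sign with production keys`. It is also worth confirming during review that the three `pubkeys` entries are the public development keys and not production ones.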
@@ -1,6 +1,6 @@
 {
 "header_len": 4608,
- "text": "QA ONLY, DO NOT USE!",
+ "text": "DEV ONLY, DO NOT USE!",
 "hw_model": "T2B1",
 "expiry": 0,
 "version": [0, 0],
diff --git a/core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.toif
new file mode 120000
index 000000000..3dc5d9734
--- /dev/null
+++ b/core/embed/vendorheader/T2B1/vendor_dev_DO_NOT_SIGN.toif
@@ -0,0 +1 @@
+./vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
deleted file mode 120000
index 32ec8b259..000000000
--- a/core/embed/vendorheader/T2B1/vendor_qa_DO_NOT_SIGN.toif
+++ /dev/null
@@ -1 +0,0 @@
-vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
similarity index 97%
rename from core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
rename to core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
index 59bce50df..dc7ce39c0 100644
Binary files a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin and b/core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
similarity index 98%
rename from core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin
rename to core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin
index 8440523af..95bc9788c 100644
Binary files a/core/embed/vendorheader/T2B1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin and b/core/embed/vendorheader/T2B1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ
diff --git a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json b/core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.json
similarity index 93%
rename from core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
rename to core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.json
index 6fab49ebb..d22bff3da 100644
--- a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.json
+++ b/core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.json
@@ -1,6 +1,6 @@
 {
 "header_len": 4608,
- "text": "QA ONLY, DO NOT USE!",
+ "text": "DEV ONLY, DO NOT USE!",
 "hw_model": null,
 "expiry": 0,
 "version": [0, 0],
diff --git a/core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.toif
new file mode 120000
index 000000000..3dc5d9734
--- /dev/null
+++ b/core/embed/vendorheader/T2T1/vendor_dev_DO_NOT_SIGN.toif
@@ -0,0 +1 @@
+./vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif b/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
deleted file mode 120000
index 32ec8b259..000000000
--- a/core/embed/vendorheader/T2T1/vendor_qa_DO_NOT_SIGN.toif
+++ /dev/null
@@ -1 +0,0 @@
-vendor_satoshilabs.toif
\ No newline at end of file
diff --git a/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
similarity index 96%
rename from core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin
rename to core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin
index bcfc1226e..574ef8b28 100644
Binary files a/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_signed_dev.bin and b/core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ
diff --git a/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin similarity index 98% rename from core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin rename to core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin index ba6872ce1..a4dacb6cd 100644 Binary files a/core/embed/vendorheader/T2T1/vendorheader_qa_DO_NOT_SIGN_unsigned.bin and b/core/embed/vendorheader/T2T1/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ diff --git a/core/embed/vendorheader/generate.sh b/core/embed/vendorheader/generate.sh index fd0a19c30..7dc1a264f 100755 --- a/core/embed/vendorheader/generate.sh +++ b/core/embed/vendorheader/generate.sh @@ -20,6 +20,7 @@ MODELS=(T2T1 T2B1 D001) for MODEL in ${MODELS[@]}; do cd $MODEL + echo "Generating vendor headers for $MODEL" # construct all vendor headers for fn in *.json; do name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/') @@ -29,7 +30,7 @@ for MODEL in ${MODELS[@]}; do TMPDIR=$(mktemp -d) trap "rm -rf $TMPDIR" EXIT # sign dev and QA vendor header - for name in unsafe qa_DO_NOT_SIGN; do + for name in unsafe dev_DO_NOT_SIGN; do SRC_NAME="vendorheader_${name}_unsigned.bin" DEST_NAME="vendorheader_${name}_signed_dev.bin" if [ ! -f "$SRC_NAME" ]; then
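Review bot: The comment `# sign dev and QA vendor header` directly above the changed `for name in unsafe dev_DO_NOT_SIGN; do` in generate.sh is now stale, since this commit renames the QA header and no `qa` name is left in the loop. It also does not explain why a file named DO_NOT_SIGN is signed here at all, which is easy to misread in a signing script. I would reword it to `# sign the unsafe and dev_DO_NOT_SIGN headers with the dev keys; DO_NOT_SIGN means never with production keys`, going by the `_signed_dev.bin` destination name. The loop body continues past the end of the hunk, so how a missing `$SRC_NAME` is handled is not visible here.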