diff --git a/python/.changelog.d/2801.fixed b/python/.changelog.d/2801.fixed new file mode 100644 index 000000000..59b0b5686 --- /dev/null +++ b/python/.changelog.d/2801.fixed @@ -0,0 +1 @@ +Fixed behavior of `trezorctl fw` with unsigned Trezor One firmwares. diff --git a/python/src/trezorlib/cli/firmware.py b/python/src/trezorlib/cli/firmware.py index 6c0b94e96..7599dff8e 100644 --- a/python/src/trezorlib/cli/firmware.py +++ b/python/src/trezorlib/cli/firmware.py @@ -77,7 +77,9 @@ def print_firmware_version(fw: "firmware.FirmwareType") -> None: _print_version(fw.firmware.header.version) -def validate_signatures(fw: "firmware.FirmwareType") -> None: +def validate_signatures( + fw: "firmware.FirmwareType", prompt_unsigned: bool = True +) -> None: """Check the signatures on the firmware. Prints the validity status. @@ -86,14 +88,17 @@ def validate_signatures(fw: "firmware.FirmwareType") -> None: """ try: fw.verify() - click.echo("Signatures are valid.") except firmware.Unsigned: - if not isinstance(fw, firmware.LegacyFirmware): - raise + if not prompt_unsigned or not isinstance( + fw, (firmware.LegacyFirmware, firmware.LegacyV2Firmware) + ): + click.echo("Firmware is not signed, aborting.") + sys.exit(4) # allow legacy firmware without signatures if not click.confirm("No signatures found. Continue?", default=False): sys.exit(1) + if firmware.is_onev2(fw): try: assert fw.embedded_v2 is not None @@ -337,6 +342,7 @@ def validate_firmware( fingerprint: Optional[str] = None, bootloader_onev2: Optional[bool] = None, trezor_major_version: Optional[int] = None, + prompt_unsigned: bool = True, ) -> None: """Validate the firmware through multiple tests. @@ -352,7 +358,7 @@ def validate_firmware( print_firmware_version(fw) validate_fingerprint(fw, fingerprint) - validate_signatures(fw) + validate_signatures(fw, prompt_unsigned=prompt_unsigned) if bootloader_onev2 is not None and trezor_major_version is not None: check_device_match( 
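Review bot: `prompt_unsigned` defaults to `True` in the new `validate_signatures` signature, and again in `validate_firmware` in the @@ -337 hunk, so a caller that omits it gets the path where unsigned legacy firmware is accepted after a confirmation; in this diff only `verify` passes `False`. A fail-closed, keyword-only form would make callers request the prompt explicitly, e.g. `fw: "firmware.FirmwareType", *, prompt_unsigned: bool = False`, with the command that is meant to prompt passing `prompt_unsigned=True`. That call site is not part of this diff, so it needs checking before the default is flipped. The docstring lines visible as context in both functions do not mention the new parameter or the exit status 4.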
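Review bot: The @@ -86 hunk marks `click.echo("Signatures are valid.")` after `fw.verify()` as removed and nothing visible replaces it, so firmware that verifies cleanly would produce no signature line while the docstring still says "Prints the validity status." Unless the message was moved somewhere outside this hunk, keep the line where it was so a successful check stays distinguishable from one that was skipped. The new abort message would also be better sent to stderr, `click.echo("Firmware is not signed, aborting.", err=True)`, so scripts reading stdout do not mistake it for normal output. The function body continues past the end of the hunk.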
@@ -447,6 +453,7 @@ def verify( fingerprint=fingerprint, bootloader_onev2=bootloader_onev2, trezor_major_version=trezor_major_version, + prompt_unsigned=False, )
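Review bot: The literal `prompt_unsigned=False` in the `verify` call carries no comment saying why this command must never reach the "No signatures found. Continue?" prompt. A one-line comment above the argument would record the intent, e.g. `# verify must fail on unsigned firmware instead of asking the user`. The diff as shown adds no test for the new exit status 4 on unsigned firmware, though tests may live outside what is visible here. The call and the enclosing `verify` function start and end outside the hunk.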