diff --git a/legacy/bootloader/bootloader.c b/legacy/bootloader/bootloader.c
index 66c1d46bb..af78230e9 100644
--- a/legacy/bootloader/bootloader.c
+++ b/legacy/bootloader/bootloader.c
@@ -64,7 +64,6 @@ void show_unplug(const char *line1, const char *line2) {
 "You may now", "unplug your Trezor.", NULL);
 }
-#if !BOOTLOADER_QA
 static void show_unofficial_warning(const uint8_t *hash) {
 // On production bootloader, show warning and wait for user
 // to accept or reject it
@@ -94,7 +93,6 @@ static void show_unofficial_warning(const uint8_t *hash) {
 delay(100000000);
 #endif
 }
-#endif
 static void __attribute__((noreturn)) load_app(int signed_firmware) {
 // zero out SRAM
@@ -161,11 +159,7 @@ int main(void) {
 uint8_t fingerprint[32] = {0};
 int signed_firmware = signatures_match(hdr, fingerprint);
 if (SIG_OK != signed_firmware) {
-#if BOOTLOADER_QA
- show_halt("Unsigned firmware", "Won't run on QA device");
-#else
 show_unofficial_warning(fingerprint);
-#endif
 }
 #if !PRODUCTION && !BOOTLOADER_QA && !DEBUG_T1_SIGNATURES
 // try to avoid bricking board SWD debug by accident
diff --git a/legacy/bootloader/usb.c b/legacy/bootloader/usb.c
index 7412f34ed..37b5c066e 100644
--- a/legacy/bootloader/usb.c
+++ b/legacy/bootloader/usb.c
@@ -412,12 +412,20 @@ static void rx_callback(usbd_device *dev, uint8_t ep) {
 if (flash_state == STATE_CHECK) {
 // use the firmware header from RAM
- const image_header *hdr = (const image_header *)FW_HEADER;
+ image_header *hdr = (image_header *)FW_HEADER;
 bool hash_check_ok;
 // show fingerprint of unsigned firmware
 // allow only v3 signmessage/verifymessage signatures
 if (SIG_OK != signatures_ok(hdr, NULL, sectrue)) {
+ // clear invalid signatures
+ hdr->sigindex1 = 0;
+ hdr->sigindex2 = 0;
+ hdr->sigindex3 = 0;
+ memset(hdr->sig1, 0, sizeof(hdr->sig1));
+ memset(hdr->sig2, 0, sizeof(hdr->sig2));
+ memset(hdr->sig3, 0, sizeof(hdr->sig3));
+
 if (msg_id != 0x001B) { // ButtonAck message (id 27)
 return;
 }
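Review bot: The call to `show_unofficial_warning(fingerprint)` in `main` is now the only outcome for unsigned firmware on every build, so a QA bootloader that used to stop at `show_halt("Unsigned firmware", ...)` now takes the warning path, and nothing at the call site records that this relaxation is intended. The body of `show_unofficial_warning` contains a conditional block (its closing `#endif` is visible in the second hunk) whose condition lies outside the diff, so what a QA build actually does there should be confirmed. I would add a comment above the call such as `// QA builds no longer halt on unsigned firmware; they take the same warning path as other builds`. The first two hunks only remove the `#if !BOOTLOADER_QA` guard around the function so that this call compiles.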
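Review bot: Dropping `const` from `hdr` makes the RAM header writable for the whole `STATE_CHECK` branch, although only the six clearing statements need write access. Keeping `const image_header *hdr` for verification and using a second pointer inside the failure branch, e.g. `image_header *hdr_rw = (image_header *)FW_HEADER;`, would keep later code from modifying the header by accident. The clearing also sits before the `msg_id != 0x001B` early return, so it runs on every packet received in this state and presumably before the fingerprint is computed; that is harmless only if the fingerprint ignores the signature fields, and the hashing code is outside the hunk, so this should be confirmed. The comment `// clear invalid signatures` would be more useful if it also said why the fields are zeroed. `rx_callback` starts and ends outside the hunk.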
diff --git a/legacy/fw_signatures.c b/legacy/fw_signatures.c
index 24b0046c2..92e0f85cc 100644
--- a/legacy/fw_signatures.c
+++ b/legacy/fw_signatures.c
@@ -191,9 +191,10 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
 return SIG_FAIL; // invalid index
 if (hdr->sigindex2 < 1 || hdr->sigindex2 > pubkeys)
 return SIG_FAIL; // invalid index
- if (use_verifymessage != sectrue &&
- (hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys)) {
- return SIG_FAIL; // invalid index
+ if (use_verifymessage != sectrue) {
+ if (hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys) {
+ return SIG_FAIL; // invalid index
+ }
 } else if (hdr->sigindex3 != 0) {
 return SIG_FAIL;
 }
@@ -210,10 +211,12 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
 hdr->sig2, hash)) { // failure
 return SIG_FAIL;
 }
- if (use_verifymessage != sectrue &&
- (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
- hdr->sig3, hash))) { // failure
- return SIG_FAIL;
+ if (use_verifymessage != sectrue) {
+ if (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
+ hdr->sig3, hash)) // failure
+ {
+ return SIG_FAIL;
+ }
 } else {
 for (unsigned int i = 0; i < sizeof(hdr->sig3); i++) {
 if (hdr->sig3[i] != 0) {
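Review bot: The nested `if (use_verifymessage != sectrue) { if (...) ... }` form is what keeps the `else if (hdr->sigindex3 != 0)` branch from running for headers that carry a real third signature, and nothing in the code says so; a later cleanup that merges the two conditions back into one `&&` would silently bring the old behaviour back. I would add a comment on the outer `if` such as `// do not merge with the inner check: the else branch applies only to verifymessage headers`. The same applies to the `ecdsa_verify_digest` block in the second hunk, where the index `hdr->sigindex3 - 1` is in range only because this check ran under the same condition. A test that calls `signatures_ok` with a valid three-signature header and with a verifymessage header whose `sigindex3` is 0 would pin both paths. `signatures_ok` starts and ends outside the hunk.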
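Review bot: The opening brace of the inner `if` around `ecdsa_verify_digest` ended up on a line of its own because the trailing `// failure` comment sits between the condition and the brace, unlike every other `if` in these hunks. Putting the brace back on the condition line, `hdr->sig3, hash)) {  // failure`, matches the `sig2` check in the context lines just above. The comment could also simply be dropped, since `return SIG_FAIL;` already says the same.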