diff --git a/Makefile b/Makefile
index 5b1436c2d..5dbfb58e1 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,7 @@ SCONS = scons -Q -j $(JOBS)
 
 BOARDLOADER_BUILD_DIR = build/boardloader
 BOOTLOADER_BUILD_DIR  = build/bootloader
+PRODTEST_BUILD_DIR    = build/prodtest
 FIRMWARE_BUILD_DIR    = build/firmware
 
 UNAME_S := $(shell uname -s)
@@ -74,7 +75,7 @@ style: ## run code style check on application sources
 
 ## build commands:
 
-build: build_boardloader build_bootloader build_firmware build_unix build_cross ## build all
+build: build_boardloader build_bootloader build_prodtest build_firmware build_unix build_cross ## build all
 
 build_boardloader: ## build boardloader
 	$(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" build/boardloader/boardloader.bin
@@ -83,7 +84,7 @@ build_bootloader: ## build bootloader
 	$(SCONS) CFLAGS="$(CFLAGS)" PRODUCTION="$(PRODUCTION)" build/bootloader/bootloader.bin
 
 build_prodtest: ## build production test firmware
-	$(SCONS) CFLAGS="$(CFLAGS)" build/prodtest/firmware.bin
+	$(SCONS) CFLAGS="$(CFLAGS)" build/prodtest/prodtest.bin
 
 build_firmware: res build_cross ## build firmware with frozen modules
 	$(SCONS) CFLAGS="$(CFLAGS)" build/firmware/firmware.bin
@@ -129,6 +130,9 @@ flash_boardloader: $(BOARDLOADER_BUILD_DIR)/boardloader.bin ## flash boardloader
 flash_bootloader: $(BOOTLOADER_BUILD_DIR)/bootloader.bin ## flash bootloader using OpenOCD
 	$(OPENOCD) -c "init; reset halt; flash write_image erase $< $(BOOTLOADER_START); exit"
 
+flash_prodtest: $(PRODTEST_BUILD_DIR)/prodtest.bin ## flash prodtest using OpenOCD
+	$(OPENOCD) -c "init; reset halt; flash write_image erase $< $(FIRMWARE_START); exit"
+
 flash_firmware: $(FIRMWARE_BUILD_DIR)/firmware.bin ## flash firmware using OpenOCD
 	$(OPENOCD) -c "init; reset halt; flash write_image erase $< $(FIRMWARE_START); exit"
 
@@ -186,3 +190,6 @@ combine: ## combine boardloader + bootloader + firmware into one combined image
 
 upload: ## upload firmware using trezorctl
 	trezorctl firmware_update -f $(FIRMWARE_BUILD_DIR)/firmware.bin
+
+upload_prodtest: ## upload prodtest using trezorctl
+	trezorctl firmware_update -f $(PRODTEST_BUILD_DIR)/prodtest.bin
diff --git a/SConscript.boardloader b/SConscript.boardloader
index 61dd10d78..74bf24235 100644
--- a/SConscript.boardloader
+++ b/SConscript.boardloader
@@ -116,10 +116,10 @@ env.Replace(
         'vendor/micropython/lib/cmsis/inc',
     ] + CPPPATH_MOD,
     CPPDEFINES=[
-        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
-        'STM32F427xx',
         'TREZOR_STM32',
         'MCU_SERIES_F4',
+        'STM32F427xx',
+        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
     ] + CPPDEFINES_MOD,
     ASFLAGS='-mthumb -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16',
     ASPPFLAGS='$CFLAGS $CCFLAGS', )
diff --git a/SConscript.bootloader b/SConscript.bootloader
index c220323ee..31a46b7b5 100644
--- a/SConscript.bootloader
+++ b/SConscript.bootloader
@@ -136,10 +136,10 @@ env.Replace(
         'vendor/micropython/lib/cmsis/inc',
     ] + CPPPATH_MOD,
     CPPDEFINES=[
-        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
-        'STM32F427xx',
         'TREZOR_STM32',
         'MCU_SERIES_F4',
+        'STM32F427xx',
+        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
         'PB_FIELD_16BIT',
     ] + CPPDEFINES_MOD,
     ASFLAGS='-mthumb -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16',
diff --git a/SConscript.firmware b/SConscript.firmware
index 26c02a625..a33b90daf 100644
--- a/SConscript.firmware
+++ b/SConscript.firmware
@@ -347,13 +347,13 @@ env.Replace(
     ASPPFLAGS='$CFLAGS $CCFLAGS', )
 
 env.Replace(
+    BINCTL='tools/binctl',
+    COMBINE_SIGN='tools/combine_sign',
     PYTHON='python',
     MAKEQSTRDATA='$PYTHON vendor/micropython/py/makeqstrdata.py',
     MAKEVERSIONHDR='$PYTHON vendor/micropython/py/makeversionhdr.py',
     MPY_TOOL='$PYTHON vendor/micropython/tools/mpy-tool.py',
     MPY_CROSS='vendor/micropython/mpy-cross/mpy-cross',
-    BINCTL='tools/binctl',
-    COMBINE_SIGN='tools/combine_sign',
 )
 
 #
diff --git a/SConscript.prodtest b/SConscript.prodtest
index 185e229a1..de82418be 100644
--- a/SConscript.prodtest
+++ b/SConscript.prodtest
@@ -99,27 +99,29 @@ env.Replace(
     '-fstack-protector-all -ffreestanding '
     + CCFLAGS_MOD,
     CCFLAGS_QSTR='-DNO_QSTR -DN_X64 -DN_X86 -DN_THUMB',
-    LINKFLAGS='-nostdlib -T embed/prodtest/memory.ld --gc-sections -Map=build/prodtest/firmware.map --warn-common',
+    LINKFLAGS='-nostdlib -T embed/prodtest/memory.ld --gc-sections -Map=build/prodtest/prodtest.map --warn-common',
     CPPPATH=[
         'embed/prodtest',
         'embed/trezorhal',
         'embed/extmod/modtrezorui',
-        'vendor/micropython/ports/stm32',
         'vendor/micropython/lib/stm32lib/STM32F4xx_HAL_Driver/Inc',
         'vendor/micropython/lib/stm32lib/CMSIS/STM32F4xx/Include',
         'vendor/micropython/lib/cmsis/inc',
+        'vendor/micropython/ports/stm32',
     ] + CPPPATH_MOD,
     CPPDEFINES=[
-        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
-        'STM32F427xx',
         'TREZOR_STM32',
         'MCU_SERIES_F4',
+        'STM32F427xx',
+        ('STM32_HAL_H', '"<stm32f4xx_hal.h>"'),
     ] + CPPDEFINES_MOD,
     ASFLAGS='-mthumb -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16',
     ASPPFLAGS='$CFLAGS $CCFLAGS', )
 
 env.Replace(
-    BINCTL='tools/binctl', )
+    BINCTL='tools/binctl',
+    COMBINE_SIGN='tools/combine_sign',
+)
 
 #
 # Program objects
@@ -140,16 +142,18 @@ obj_program.extend(
         ' $SOURCE $TARGET', ))
 
 program_elf = env.Command(
-    target='firmware.elf',
+    target='prodtest.elf',
     source=obj_program,
     action=
     '$LINK -o $TARGET $LINKFLAGS $SOURCES `$CC $CFLAGS $CCFLAGS $_CCCOMCOM -print-libgcc-file-name` `$CC $CFLAGS $CCFLAGS $_CCCOMCOM -print-file-name=libc_nano.a`',
 )
 
 program_bin = env.Command(
-    target='firmware.bin',
+    target='prodtest.bin',
     source=program_elf,
     action=[
-        '$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
-        '$BINCTL $TARGET -s 1:2 4747474747474747474747474747474747474747474747474747474747474747:4848484848484848484848484848484848484848484848484848484848484848',
+        '$OBJCOPY -O binary -j .vendorheader -j .header -j .flash -j .data $SOURCE $TARGET',
+        '$BINCTL $TARGET -h',
+        'dd if=$TARGET of=build/prodtest/header.tosign bs=1 count=1024 skip=`stat -c%s embed/firmware/vendorheader.bin`',
+        '$BINCTL $TARGET -s 1:2 `$COMBINE_SIGN firmware build/prodtest/header.tosign 4747474747474747474747474747474747474747474747474747474747474747 4848484848484848484848484848484848484848484848484848484848484848`',
     ], )
diff --git a/embed/firmware/version.h b/embed/firmware/version.h
index cb1e4a091..a62341fe9 100644
--- a/embed/firmware/version.h
+++ b/embed/firmware/version.h
@@ -2,8 +2,3 @@
 #define VERSION_MINOR 1
 #define VERSION_PATCH 0
 #define VERSION_BUILD 0
-
-#define STR_HELPER(X) #X
-#define STRINGIZE(X) STR_HELPER(X)
-
-#define VERSION_STR STRINGIZE(VERSION_MAJOR) "." STRINGIZE(VERSION_MINOR) "." STRINGIZE(VERSION_PATCH) "." STRINGIZE(VERSION_BUILD)
diff --git a/embed/prodtest/header.S b/embed/prodtest/header.S
index 385adf043..5f3039869 100644
--- a/embed/prodtest/header.S
+++ b/embed/prodtest/header.S
@@ -16,7 +16,9 @@ g_header:
     .byte VERSION_MINOR              // vminor
     .byte VERSION_PATCH              // vpatch
     .byte VERSION_BUILD              // vbuild
-    . = . + 427                      // reserved
+    . = . + 12                       // reserved
+    . = . + 512                      // hash1 ... hash16
+    . = . + 415                      // reserved
     .byte 0                          // sigmask
     . = . + 64                       // sig
 g_header_end:
diff --git a/embed/prodtest/main.c b/embed/prodtest/main.c
index 5fadb762d..1e4a540b8 100644
--- a/embed/prodtest/main.c
+++ b/embed/prodtest/main.c
@@ -14,12 +14,13 @@
 #include "common.h"
 #include "display.h"
 #include "flash.h"
+#include "mini_printf.h"
 #include "rng.h"
 #include "sbu.h"
 #include "sdcard.h"
+#include "secbool.h"
 #include "touch.h"
 #include "usb.h"
-#include "mini_printf.h"
 
 enum { VCP_IFACE = 0x00 };
 
@@ -140,22 +141,22 @@ static void test_display(const char *colors)
     vcp_printf("OK");
 }
 
-static bool touch_click_timeout(uint32_t *touch, uint32_t timeout_ms)
+static secbool touch_click_timeout(uint32_t *touch, uint32_t timeout_ms)
 {
     uint32_t deadline = HAL_GetTick() + timeout_ms;
     uint32_t r = 0;
 
     while (touch_read());
     while ((touch_read() & TOUCH_START) == 0) {
-        if (HAL_GetTick() > deadline) return false;
+        if (HAL_GetTick() > deadline) return secfalse;
     }
     while (((r = touch_read()) & TOUCH_END) == 0) {
-        if (HAL_GetTick() > deadline) return false;
+        if (HAL_GetTick() > deadline) return secfalse;
     }
     while (touch_read());
 
     *touch = r;
-    return true;
+    return sectrue;
 }
 
 static void test_touch(const char *args)
@@ -172,8 +173,8 @@ static void test_touch(const char *args)
     }
     display_refresh();
 
-    uint32_t click = 0;
-    if (touch_click_timeout(&click, timeout * 1000)) {
+    uint32_t evt = 0;
+    if (touch_click_timeout(&evt, timeout * 1000)) {
         uint32_t x = (evt & 0xFF00) >> 8;
         uint32_t y = (evt & 0xFF);
         vcp_printf("OK %d %d", x, y);
@@ -228,8 +229,8 @@ power_off:
 
 static void test_sbu(const char *args)
 {
-    bool sbu1 = args[0] == '1';
-    bool sbu2 = args[1] == '1';
+    secbool sbu1 = sectrue * (args[0] == '1');
+    secbool sbu2 = sectrue * (args[1] == '1');
     sbu_set(sbu1, sbu2);
     vcp_printf("OK");
 }
@@ -252,9 +253,9 @@ static void test_otp_write(const char *args)
     vcp_printf("OK");
 }
 
-static bool startswith(const char *s, const char *prefix)
+static secbool startswith(const char *s, const char *prefix)
 {
-    return strncmp(s, prefix, strlen(prefix)) == 0;
+    return sectrue * (0 == strncmp(s, prefix, strlen(prefix)));
 }
 
 int main(void)
diff --git a/embed/prodtest/memory.ld b/embed/prodtest/memory.ld
index ddc3a8ee9..326c64edb 100644
--- a/embed/prodtest/memory.ld
+++ b/embed/prodtest/memory.ld
@@ -33,8 +33,11 @@ _heap_start = ADDR(.heap);
 _heap_end = ADDR(.heap) + SIZEOF(.heap);
 
 SECTIONS {
-  .header : ALIGN(4) {
+  .vendorheader : ALIGN(4) {
     KEEP(*(.vendorheader))
+  } >FLASH AT>FLASH
+
+  .header : ALIGN(4) {
     KEEP(*(.header));
   } >FLASH AT>FLASH
 
diff --git a/embed/prodtest/startup.s b/embed/prodtest/startup.s
index 6603a292e..cbcfb67bd 100644
--- a/embed/prodtest/startup.s
+++ b/embed/prodtest/startup.s
@@ -36,7 +36,6 @@ reset_handler:
   // enter the application code
   bl main
 
-  // loop forever if the application code returns
-  b .
+  b shutdown
 
   .end
diff --git a/embed/prodtest/version.h b/embed/prodtest/version.h
index cb1e4a091..a62341fe9 100644
--- a/embed/prodtest/version.h
+++ b/embed/prodtest/version.h
@@ -2,8 +2,3 @@
 #define VERSION_MINOR 1
 #define VERSION_PATCH 0
 #define VERSION_BUILD 0
-
-#define STR_HELPER(X) #X
-#define STRINGIZE(X) STR_HELPER(X)
-
-#define VERSION_STR STRINGIZE(VERSION_MAJOR) "." STRINGIZE(VERSION_MINOR) "." STRINGIZE(VERSION_PATCH) "." STRINGIZE(VERSION_BUILD)