diff --git a/bootloader/usb.c b/bootloader/usb.c
index a15ce61..ee007c6 100644
--- a/bootloader/usb.c
+++ b/bootloader/usb.c
@@ -439,6 +439,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 			if (brand_new_firmware || button.YesUp) {
 				// backup metadata
 				backup_metadata(meta_backup);
+				flash_wait_for_last_operation();
 				flash_clear_status_flags();
 				flash_unlock();
 				// erase metadata area
@@ -452,6 +453,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 					flash_erase_sector(i, FLASH_CR_PROGRAM_X32);
 				}
 				layoutProgress("INSTALLING ... Please wait", 0);
+				flash_wait_for_last_operation();
 				flash_lock();
 
 				// check that metadata was succesfully erased
diff --git a/firmware/protect.c b/firmware/protect.c
index 82a1989..f270d08 100644
--- a/firmware/protect.c
+++ b/firmware/protect.c
@@ -212,24 +212,27 @@ bool protectPin(bool use_cached)
 
 bool protectChangePin(void)
 {
-	const char *pin;
-	char pin1[17], pin2[17];
-	pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_NewFirst, _("Please enter new PIN:"));
+	static CONFIDENTIAL char pin_compare[17];
+
+	const char *pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_NewFirst, _("Please enter new PIN:"));
+
 	if (!pin) {
 		return false;
 	}
-	strlcpy(pin1, pin, sizeof(pin1));
+
+	strlcpy(pin_compare, pin, sizeof(pin_compare));
+
 	pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_NewSecond, _("Please re-enter new PIN:"));
-	if (!pin) {
-		return false;
-	}
-	strlcpy(pin2, pin, sizeof(pin2));
-	if (strcmp(pin1, pin2) == 0) {
-		storage_setPin(pin1);
-		return true;
-	} else {
-		return false;
+
+	const bool result = pin && (strncmp(pin_compare, pin, sizeof(pin_compare)) == 0);
+
+	if (result) {
+		storage_setPin(pin_compare);
 	}
+
+	memset(pin_compare, 0, sizeof(pin_compare));
+
+	return result;
 }
 
 bool protectPassphrase(void)
diff --git a/firmware/u2f.c b/firmware/u2f.c
index 2390218..2c084da 100644
--- a/firmware/u2f.c
+++ b/firmware/u2f.c
@@ -32,7 +32,6 @@
 #include "rng.h"
 #include "hmac.h"
 #include "util.h"
-#include "macros.h"
 #include "gettext.h"
 
 #include "u2f/u2f.h"
@@ -274,7 +273,7 @@ void u2fhid_wink(const uint8_t *buf, uint32_t len)
 		dialog_timeout = U2F_TIMEOUT;
 
 	U2FHID_FRAME f;
-	MEMSET_BZERO(&f, sizeof(f));
+	memset(&f, 0, sizeof(f));
 	f.cid = cid;
 	f.init.cmd = U2FHID_WINK;
 	f.init.bcntl = 0;
@@ -294,7 +293,7 @@ void u2fhid_init(const U2FHID_FRAME *in)
 		return;
 	}
 
-	MEMSET_BZERO(&f, sizeof(f));
+	memset(&f, 0, sizeof(f));
 	f.cid = in->cid;
 	f.init.cmd = U2FHID_INIT;
 	f.init.bcnth = 0;
@@ -374,7 +373,7 @@ void send_u2fhid_msg(const uint8_t cmd, const uint8_t *data, const uint32_t len)
 
 	// debugLog(0, "", "send_u2fhid_msg");
 
-	MEMSET_BZERO(&f, sizeof(f));
+	memset(&f, 0, sizeof(f));
 	f.cid = cid;
 	f.init.cmd = cmd;
 	f.init.bcnth = len >> 8;
@@ -390,7 +389,7 @@ void send_u2fhid_msg(const uint8_t cmd, const uint8_t *data, const uint32_t len)
 	// Cont packet(s)
 	for (; l > 0; l -= psz, p += psz) {
 		// debugLog(0, "", "send_u2fhid_msg con");
-		MEMSET_BZERO(&f.cont.data, sizeof(f.cont.data));
+		memset(&f.cont.data, 0, sizeof(f.cont.data));
 		f.cont.seq = seq++;
 		psz = MIN(sizeof(f.cont.data), l);
 		memcpy(f.cont.data, p, psz);
@@ -407,7 +406,7 @@ void send_u2fhid_error(uint32_t fcid, uint8_t err)
 {
 	U2FHID_FRAME f;
 
-	MEMSET_BZERO(&f, sizeof(f));
+	memset(&f, 0, sizeof(f));
 	f.cid = fcid;
 	f.init.cmd = U2FHID_ERROR;
 	f.init.bcntl = 1;
@@ -585,8 +584,7 @@ void u2f_register(const APDU *a)
 	if (last_req_state == REG_PASS) {
 		uint8_t data[sizeof(U2F_REGISTER_RESP) + 2];
 		U2F_REGISTER_RESP *resp = (U2F_REGISTER_RESP *)&data;
-		MEMSET_BZERO(data, sizeof(data));
-
+		memset(data, 0, sizeof(data));
 
 		resp->registerId = U2F_REGISTER_ID;
 		resp->keyHandleLen = KEY_HANDLE_LEN;
diff --git a/memory.ld b/memory.ld
index 94667b4..b147a90 100644
--- a/memory.ld
+++ b/memory.ld
@@ -10,7 +10,7 @@ SECTIONS
 {
 	.confidential (NOLOAD) : {
 		*(confidential)
-		ASSERT ((SIZEOF(.confidential) <= 32K), "Error: Confidential section too big!");
+		ASSERT ((SIZEOF(.confidential) <= 33K), "Error: Confidential section too big!");
 	} >ram
 }
 
diff --git a/memory_app_1.0.0.ld b/memory_app_1.0.0.ld
index 7a09b78..291bfd3 100644
--- a/memory_app_1.0.0.ld
+++ b/memory_app_1.0.0.ld
@@ -10,7 +10,7 @@ SECTIONS
 {
 	.confidential (NOLOAD) : {
 		*(confidential)
-		ASSERT ((SIZEOF(.confidential) <= 32K), "Error: Confidential section too big!");
+		ASSERT ((SIZEOF(.confidential) <= 33K), "Error: Confidential section too big!");
 	} >ram
 }
 
diff --git a/memory_app_fastflash.ld b/memory_app_fastflash.ld
index 55b0fb6..fc17e75 100644
--- a/memory_app_fastflash.ld
+++ b/memory_app_fastflash.ld
@@ -10,7 +10,7 @@ SECTIONS
 {
 	.confidential (NOLOAD) : {
 		*(confidential)
-		ASSERT ((SIZEOF(.confidential) <= 32K), "Error: Confidential section too big!");
+		ASSERT ((SIZEOF(.confidential) <= 33K), "Error: Confidential section too big!");
 	} >ram
 }