diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config index a9fcdc913..e7fbb8f1c 100644 --- a/boards/nitropad-ns50/nitropad-ns50.config +++ b/boards/nitropad-ns50/nitropad-ns50.config @@ -20,8 +20,6 @@ CONFIG_GPG2=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_IOTOOLS=y - CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config index 7f6c17c15..472d51ff8 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/nitropad-nv41/nitropad-nv41.config @@ -20,8 +20,6 @@ CONFIG_GPG2=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_IOTOOLS=y - CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y diff --git a/config/coreboot-nitropad-ns50.config b/config/coreboot-nitropad-ns50.config index 37740dd1c..809339396 100644 --- a/config/coreboot-nitropad-ns50.config +++ b/config/coreboot-nitropad-ns50.config @@ -214,10 +214,10 @@ CONFIG_COREBOOT_ROMSIZE_KB=32768 CONFIG_ROM_SIZE=0x02000000 CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y -# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set -CONFIG_POWER_STATE_ON_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set # CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set -CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 # end of Mainboard CONFIG_SYSTEM_TYPE_LAPTOP=y diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-nitropad-nv41.config index 43562ff57..68169478e 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-nitropad-nv41.config 
@@ -213,10 +213,10 @@ CONFIG_COREBOOT_ROMSIZE_KB=32768 CONFIG_ROM_SIZE=0x02000000 CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y -# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set -CONFIG_POWER_STATE_ON_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +#CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set # CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set -CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 # end of Mainboard CONFIG_SYSTEM_TYPE_LAPTOP=y diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index edf3abba7..d3c97b57e 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -69,7 +69,9 @@ if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then } else warn "Hash of TPM2 primary key handle does not exist" - warn "Please rebuild the boot hash tree" + warn "Please rebuild the TPM2 primary key handle by settings a default OS to boot." + warn "Select Options-> Boot Options -> Show OS Boot Menu -> -> Make default" + #TODO: Simplify/Automatize TPM2 firmware upgrade process. Today: upgrade, reboot, reseal(type TPM owner pass), resign, boot default_failed="y" DEBUG "Hash of TPM2 primary key handle does not exist under $PRIMHASH_FILE" fi diff --git a/initrd/bin/nitropad-shutdown.sh b/initrd/bin/nitropad-shutdown.sh deleted file mode 100755 index e449bc311..000000000 --- a/initrd/bin/nitropad-shutdown.sh +++ /dev/null 
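Review bot: In coreboot-nitropad-nv41.config the added line `#CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set` has no space after `#`, unlike the same line in coreboot-nitropad-ns50.config and the neighbouring `# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set`. Kconfig only recognises the `# CONFIG_FOO is not set` spelling, so this line is read as an ordinary comment. The choice still resolves to OFF through `CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y`, but the file no longer matches what the config tooling writes and will show a spurious change the next time it is regenerated. I would write it as `# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set`.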
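Review bot: The new warning text in kexec-select-boot has a typo and a gap: "by settings a default OS" should read "by setting a default OS", and the menu path ends in `Show OS Boot Menu -> -> Make default`, where a step between the two arrows appears to be missing (possibly an angle-bracket placeholder lost in rendering). The message also presents re-creating the primary handle hash as the routine answer, while from this branch a hash file that was never created looks the same as one that was removed. I would add when the condition is expected, e.g. `warn "If you did not just upgrade the firmware or reset the TPM, treat this as possible tampering"`. The long `#TODO` line reads as process notes and would be easier to track in an issue than in a comment; the enclosing `if`/`else` starts outside the hunk.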
@@ -1,36 +0,0 @@ -#!/bin/ash - -# Method to access IT5570 IO Depth 2 registers -it5570_i2ec() { - # TODO: Use /dev/port instead of iotools - - # Address high byte - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x11 - iotools io_write8 0x2e 0x2f - iotools io_write8 0x2f $(($2>>8 & 0xff)) - - # Address low byte - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x10 - iotools io_write8 0x2e 0x2f - iotools io_write8 0x2f $(($2 & 0xff)) - - # Data - iotools io_write8 0x2e 0x2e - iotools io_write8 0x2f 0x12 - iotools io_write8 0x2e 0x2f - - case $1 in - "r") - iotools io_read8 0x2f - ;; - "w") - iotools io_write8 0x2f "$3" - ;; - esac -} - -# shut down using EC external watchdog reset -it5570_i2ec w 0x1f01 0x20 -it5570_i2ec w 0x1f07 0x01 diff --git a/initrd/bin/poweroff b/initrd/bin/poweroff index a27da23b8..ef4bdf863 100755 --- a/initrd/bin/poweroff +++ b/initrd/bin/poweroff @@ -8,11 +8,6 @@ if [ "$CONFIG_TPM" = "y" ]; then tpmr shutdown fi -# Run special EC-based poweroff for Nitropad-Nxx -if [ "$CONFIG_BOARD" = "nitropad-nv41" ] || [ "$CONFIG_BOARD" = "nitropad-ns50" ]; then - /bin/nitropad-shutdown.sh -fi - # Sync all mounted filesystems echo s > /proc/sysrq-trigger diff --git a/initrd/bin/reboot b/initrd/bin/reboot index 26255f12c..358931e9c 100755 --- a/initrd/bin/reboot +++ b/initrd/bin/reboot @@ -17,11 +17,6 @@ if [ "$CONFIG_TPM" = "y" ]; then tpmr shutdown fi -# Run special EC-based poweroff for Nitropad-Nxx -if [ "$CONFIG_BOARD" = "nitropad-nv41" ] || [ "$CONFIG_BOARD" = "nitropad-ns50" ]; then - /bin/nitropad-shutdown.sh -fi - # Sync all mounted filesystems echo s > /proc/sysrq-trigger diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey index 1abbf8b11..c70ddf89f 100755 --- a/initrd/bin/seal-hotpkey +++ b/initrd/bin/seal-hotpkey 
@@ -136,12 +136,16 @@ if [ "$admin_pin_status" -ne 0 ]; then if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" ; then # don't leak key on failure shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null - fatal_error "Setting HOTP secret failed" + if [ "$HOTPKEY_BRANDING" == "Nitrokey" ]; then + fatal_error "Setting HOTP secret failed, to reset nitrokey pin use: nitropy nk3 secrets reset or the Nitrokey App 2" + else + fatal_error "Setting HOTP secret failed" + fi fi fi else # remind user to change admin password - echo -e "\nWARNING: default GPG admin PIN detected: please change this as soon as possible." + echo -e "\nWARNING: default admin PIN detected: please change this as soon as possible." fi # HOTP key no longer needed diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 078c3bdd2..f4e6cfb6a 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -347,8 +347,8 @@ enable_usb() if ! lsmod | grep -q xhci_pci; then insmod /lib/modules/xhci-pci.ko \ || die "xhci_pci: module load failed" - sleep 2 fi + sleep 2 if [ "$CONFIG_USB_KEYBOARD" = y ]; then if ! lsmod | grep -q usbhid; then diff --git a/modules/hotp-verification b/modules/hotp-verification index 6085a7680..14957e74b 100644 --- a/modules/hotp-verification +++ b/modules/hotp-verification 
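Review bot: The Nitrokey branch of the new `fatal_error` in seal-hotpkey offers `nitropy nk3 secrets reset` as a way "to reset nitrokey pin" after any `hotp_initialize` failure. The hunk does not establish that the failure was a PIN problem, and as far as I know that command resets the whole secrets application, not only the PIN. The message should say when the reset applies and what it costs, for example `fatal_error "Setting HOTP secret failed. If the Secrets app PIN is lost, it can be reset (this erases the stored credentials) with: nitropy nk3 secrets reset, or with Nitrokey App 2"`. The test also uses `==` inside `[ ]`, which is not POSIX; `[ "$HOTPKEY_BRANDING" = "Nitrokey" ]` matches the `=` comparisons used in the other scripts in this commit. The surrounding `if` block begins outside the hunk.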
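Review bot: Moving `sleep 2` after the `fi` in ash_functions makes every call to `enable_usb` wait two seconds, including calls where `xhci_pci` was already loaded, and nothing in the hunk says why. If the delay is there to let devices finish enumerating, state that above it, e.g. `# wait for USB enumeration even when xhci_pci was already loaded`. If it is only needed once per boot, a guard around it would avoid paying the delay on repeated calls. `enable_usb` starts and ends outside the hunk, so any earlier module loads that make the delay necessary are not visible here.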
@@ -2,12 +2,12 @@ modules-$(CONFIG_HOTPKEY) += hotp-verification hotp-verification_depends := libusb $(musl_dep) -# v1.5 -hotp-verification_version := 70c04f51387eee8f777e943ba83b6405764a3cd2 +# v1.6 +hotp-verification_version := e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 hotp-verification_dir := hotp-verification-$(hotp-verification_version) hotp-verification_tar := nitrokey-hotp-verification-$(hotp-verification_version).tar.gz hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(hotp-verification_version).tar.gz -hotp-verification_hash := 5244b6b514117f955a03be2363fd51567a125cb8dc904d1bd89351be27eb8bb3 +hotp-verification_hash := 480c978d3585eee73b9aa5186b471d4caeeeeba411217e1544eef7cfd90312ac hotp-verification_target := \ $(MAKE_JOBS) \ diff --git a/site-local/config b/site-local/config index 85a8b8e52..63462c01d 100644 --- a/site-local/config +++ b/site-local/config 
@@ -3,31 +3,31 @@ BRAND_NAME=Dasharo ifeq "nitropad-nv41" "$(BOARD)" export CONFIG_BOARD_NAME="NovaCustom NV4xPZ" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" export CONFIG_COREBOOT_SMBIOS_PRODUCT_NAME=NV4xPZ export CONFIG_COREBOOT_SMBIOS_MANUFACTURER=Notebook else ifeq "nitropad-ns50" "$(BOARD)" export CONFIG_BOARD_NAME="NovaCustom NS5x_NS7xPU" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" export CONFIG_COREBOOT_SMBIOS_PRODUCT_NAME=NS5x_NS7xPU export CONFIG_COREBOOT_SMBIOS_MANUFACTURER=Notebook else ifeq "msi_z690a_ddr4" "$(BOARD)" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" else ifeq "msi_z690a_ddr5" "$(BOARD)" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" else ifeq "msi_z790p_ddr4" "$(BOARD)" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" else ifeq "msi_z790p_ddr5" "$(BOARD)" -export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.0" +export CONFIG_COREBOOT_LOCALVERSION="\(coreboot+heads\) v0.9.1" endif