diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d9984e2..03fddd5 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -25,8 +25,6 @@ jobs:
         run: |
           sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
           make deps
-          brew install conan
-          conan config install https://github.com/conan-io/conanclientcert.git
       - run: cmake -DCMAKE_BUILD_TYPE=Debug . && make
       - run: GTEST_COLOR=1 ASAN_OPTIONS=detect_leaks=0 ctest -VV
 
diff --git a/app/src/crypto.c b/app/src/crypto.c
index 34167ba..a9da358 100644
--- a/app/src/crypto.c
+++ b/app/src/crypto.c
@@ -35,6 +35,7 @@ zxerr_t crypto_extractPublicKey(key_kind_e addressKind, const uint32_t path[HDPA
     if (pubKeyLen < PK_LEN_25519) {
         return zxerr_invalid_crypto_settings;
     }
+     zxerr_t err = zxerr_ok;
 
     BEGIN_TRY
     {
@@ -72,16 +73,12 @@ zxerr_t crypto_extractPublicKey(key_kind_e addressKind, const uint32_t path[HDPA
                         break;
 #endif
                 default:
-                    CLOSE_TRY;
-                    return zxerr_invalid_crypto_settings;
+                    err = zxerr_invalid_crypto_settings;
             }
         }
         CATCH_ALL
         {
-            MEMZERO(&cx_privateKey, sizeof(cx_privateKey));
-            MEMZERO(privateKeyData, SK_LEN_25519);
-            CLOSE_TRY;
-            return zxerr_unknown;
+            err = zxerr_unknown;
         }
         FINALLY
         {
@@ -91,7 +88,7 @@ zxerr_t crypto_extractPublicKey(key_kind_e addressKind, const uint32_t path[HDPA
     }
     END_TRY;
 
-    return zxerr_ok;
+    return err;
 }
 
 zxerr_t crypto_sign_ed25519(uint8_t *signature, uint16_t signatureMaxlen,
@@ -114,6 +111,8 @@ zxerr_t crypto_sign_ed25519(uint8_t *signature, uint16_t signatureMaxlen,
     int signatureLength = 0;
     unsigned int info = 0;
 
+    zxerr_t err = zxerr_ok;
+
     BEGIN_TRY
     {
         TRY
@@ -147,11 +146,8 @@ zxerr_t crypto_sign_ed25519(uint8_t *signature, uint16_t signatureMaxlen,
         }
         CATCH_ALL
         {
-            MEMZERO(&cx_privateKey, sizeof(cx_privateKey));
-            MEMZERO(privateKeyData, SK_LEN_25519);
             *signatureLen = 0;
-            CLOSE_TRY;
-            return zxerr_unknown;
+            err = zxerr_unknown;
         }
         FINALLY
         {
@@ -161,7 +157,7 @@ zxerr_t crypto_sign_ed25519(uint8_t *signature, uint16_t signatureMaxlen,
         }
     }
     END_TRY;
-    return zxerr_ok;
+    return err;
 }
 
 #ifdef SUPPORT_SR25519
@@ -205,14 +201,12 @@ zxerr_t crypto_sign_sr25519_prephase(uint8_t *buffer, uint16_t bufferLen,
 zxerr_t crypto_sign_sr25519(uint8_t *signature, uint16_t signatureMaxlen,
                             uint16_t *signatureLen) {
 
+    zxerr_t err = zxerr_ok;
+
     BEGIN_TRY
     {
         TRY
         {
-            if (signatureMaxlen < MIN_BUFFER_LENGTH) {
-                CLOSE_TRY;
-                return zxerr_invalid_crypto_settings;
-            }
             *signature = PREFIX_SIGNATURE_TYPE_SR25519;
             sign_sr25519_phase1((uint8_t *) &N_sr25519_signdata.sk, (uint8_t *) &N_sr25519_signdata.pk, NULL, 0,
                          (uint8_t *) &N_sr25519_signdata.signdata, sr25519_signdataLen, signature + 1);
@@ -223,8 +217,7 @@ zxerr_t crypto_sign_sr25519(uint8_t *signature, uint16_t signatureMaxlen,
         }
         CATCH_ALL
         {
-            CLOSE_TRY;
-            return zxerr_unknown;
+            err = zxerr_unknown;
         };
         FINALLY
         {
@@ -232,7 +225,7 @@ zxerr_t crypto_sign_sr25519(uint8_t *signature, uint16_t signatureMaxlen,
         }
     }
     END_TRY;
-    return zxerr_ok;
+    return err;
 }
 #endif
 
diff --git a/app/src/secret.c b/app/src/secret.c
index 6efc258..78f0c8e 100644
--- a/app/src/secret.c
+++ b/app/src/secret.c
@@ -21,6 +21,7 @@
 #include "tx.h"
 #include "view.h"
 #include "app_mode.h"
+#include "zxformat.h"
 
 void secret_accept() {
 #ifdef APP_SECRET_MODE_ENABLED