diff --git a/bin/device-install.bat b/bin/device-install.bat
index 3ffca0b63..816d2fbba 100755
--- a/bin/device-install.bat
+++ b/bin/device-install.bat
@@ -12,6 +12,7 @@ SET "BIGDB16=0"
 SET "ESPTOOL_BAUD=115200"
 SET "ESPTOOL_CMD="
 SET "LOGCOUNTER=0"
+SET "BPS_RESET=0"
 
 @REM FIXME: Determine mcu from PlatformIO variant, this is unmaintainable.
 SET "S3=s3 v3 t-deck wireless-paper wireless-tracker station-g2 unphone"
@@ -24,7 +25,7 @@ GOTO getopts
 :help
 ECHO Flash image file to device, but first erasing and writing system information.
 ECHO.
-ECHO Usage: %SCRIPT_NAME% -f filename [-p PORT] [-P python] (--web)
+ECHO Usage: %SCRIPT_NAME% -f filename [-p PORT] [-P python] (--web) [--1200bps-reset]
 ECHO.
 ECHO Options:
 ECHO     -f filename      The firmware .bin file to flash.  Custom to your device type and region. (required)
@@ -35,13 +36,16 @@ ECHO     -P python        Specify alternate python interpreter to use to invoke
 ECHO                      If supplied the script will use python.
 ECHO                      If not supplied the script will try to find esptool in Path.
 ECHO     --web            Enable WebUI. (default: false)
+ECHO     --1200bps-reset  Attempt to place the device in correct mode. (1200bps Reset)
+ECHO                      Some hardware requires this twice.
 ECHO.
+ECHO Example: %SCRIPT_NAME% -p COM17 --1200bps-reset
 ECHO Example: %SCRIPT_NAME% -f firmware-t-deck-tft-2.6.0.0b106d4.bin -p COM11
 ECHO Example: %SCRIPT_NAME% -f firmware-unphone-2.6.0.0b106d4.bin -p COM11 --web
 GOTO eof
 
 :version
-ECHO %SCRIPT_NAME% [Version 2.6.1]
+ECHO %SCRIPT_NAME% [Version 2.6.2]
 ECHO Meshtastic
 GOTO eof
 
@@ -58,10 +62,13 @@ IF "%~1"=="-p" SET "ESPTOOL_PORT=%~2" & SHIFT
 IF /I "%~1"=="--port" SET "ESPTOOL_PORT=%~2" & SHIFT
 IF "%~1"=="-P" SET "PYTHON=%~2" & SHIFT
 IF /I "%~1"=="--web" SET "WEB_APP=1"
+IF /I "%~1"=="--1200bps-reset" SET "BPS_RESET=1"
 SHIFT
 GOTO getopts
 :endopts
 
+IF %BPS_RESET% EQU 1 GOTO skip-filename
+
 CALL :LOG_MESSAGE DEBUG "Checking FILENAME parameter..."
 IF "__!FILENAME!__"=="____" (
     CALL :LOG_MESSAGE DEBUG "Missing -f filename input."
@@ -95,6 +102,9 @@ IF NOT "!FILENAME:update=!"=="!FILENAME!" (
     CALL :LOG_MESSAGE DEBUG "We are NOT working with a *update* file. !FILENAME!"
 )
 
+:skip-filename
+SET "ESPTOOL_BAUD=1200"
+
 CALL :LOG_MESSAGE DEBUG "Determine the correct esptool command to use..."
 IF NOT "__%PYTHON%__"=="____" (
     SET "ESPTOOL_CMD=!PYTHON! -m esptool"
@@ -133,6 +143,12 @@ IF "__!ESPTOOL_PORT!__" == "____" (
 )
 CALL :LOG_MESSAGE INFO "Using esptool baud: !ESPTOOL_BAUD!."
 
+IF %BPS_RESET% EQU 1 (
+    @REM Attempt to change mode via 1200bps Reset.
+    CALL :RUN_ESPTOOL !ESPTOOL_BAUD! --after no_reset read_flash_status
+    GOTO eof
+)
+
 @REM Check if FILENAME contains "-tft-" and set target partitionScheme accordingly.
 @REM https://github.com/meshtastic/web-flasher/blob/main/types/resources.ts#L3
 IF NOT "!FILENAME:-tft-=!"=="!FILENAME!" (
@@ -254,6 +270,7 @@ EXIT /B %ERRORLEVEL%
 IF %DEBUG% EQU 1 CALL :LOG_MESSAGE DEBUG "About to run command: !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4"
 CALL :RESET_ERROR
 !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4
+IF %BPS_RESET% EQU 1 GOTO :eof
 IF %ERRORLEVEL% NEQ 0 (
     CALL :LOG_MESSAGE ERROR "Error running command: !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4"
     EXIT /B %ERRORLEVEL%
diff --git a/bin/device-install.sh b/bin/device-install.sh
index 7fa5ffdbb..76765bb5f 100755
--- a/bin/device-install.sh
+++ b/bin/device-install.sh
@@ -2,6 +2,7 @@
 
 PYTHON=${PYTHON:-$(which python3 python | head -n 1)}
 WEB_APP=false
+BPS_RESET=false
 TFT_BUILD=false
 MCU=""
 
@@ -72,7 +73,7 @@ set -e
 # Usage info
 show_help() {
 	cat <<EOF
-Usage: $(basename $0) [-h] [-p ESPTOOL_PORT] [-P PYTHON] [-f FILENAME] [--web]
+Usage: $(basename $0) [-h] [-p ESPTOOL_PORT] [-P PYTHON] [-f FILENAME] [--web] [--1200bps-reset]
 Flash image file to device, but first erasing and writing system information.
 
     -h               Display this help and exit.
@@ -80,6 +81,7 @@ Flash image file to device, but first erasing and writing system information.
     -P PYTHON        Specify alternate python interpreter to use to invoke esptool. (Default: "$PYTHON")
     -f FILENAME      The firmware .bin file to flash.  Custom to your device type and region.
     --web            Enable WebUI. (Default: false)
+    --1200bps-reset  Attempt to place the device in correct mode. Some hardware requires this twice. (1200bps Reset)
 
 EOF
 }
@@ -105,6 +107,9 @@ while [ $# -gt 0 ]; do
 	--web)
 		WEB_APP=true
 		;;
+	--1200bps-reset)
+		BPS_RESET=true
+		;;
 	--) # Stop parsing options
 		shift
 		break
@@ -117,6 +122,11 @@ while [ $# -gt 0 ]; do
 	shift # Move to the next argument
 done
 
+if [[ $BPS_RESET == true ]]; then
+	$ESPTOOL_CMD --baud 1200 --after no_reset read_flash_status
+	exit 0
+fi
+
 [ -z "$FILENAME" -a -n "$1" ] && {
 	FILENAME=$1
 	shift
diff --git a/bin/device-update.bat b/bin/device-update.bat
index d9a4bd19a..6d55294a7 100755
--- a/bin/device-update.bat
+++ b/bin/device-update.bat
@@ -8,12 +8,13 @@ SET "PYTHON="
 SET "ESPTOOL_BAUD=115200"
 SET "ESPTOOL_CMD="
 SET "LOGCOUNTER=0"
+SET "CHANGE_MODE=0"
 
 GOTO getopts
 :help
 ECHO Flash image file to device, but leave existing system intact.
 ECHO.
-ECHO Usage: %SCRIPT_NAME% -f filename [-p PORT] [-P python]
+ECHO Usage: %SCRIPT_NAME% -f filename [-p PORT] [-P python] [--change-mode]
 ECHO.
 ECHO Options:
 ECHO     -f filename      The update .bin file to flash.  Custom to your device type and region. (required)
@@ -23,12 +24,15 @@ ECHO                      If not set, ESPTOOL iterates all ports (Dangerous).
 ECHO     -P python        Specify alternate python interpreter to use to invoke esptool. (default: python)
 ECHO                      If supplied the script will use python.
 ECHO                      If not supplied the script will try to find esptool in Path.
+ECHO     --change-mode    Attempt to place the device in correct mode. (1200bps Reset)
+ECHO                      Some hardware requires this twice.
 ECHO.
+ECHO Example: %SCRIPT_NAME% -p COM17 --change-mode
 ECHO Example: %SCRIPT_NAME% -f firmware-t-deck-tft-2.6.0.0b106d4-update.bin -p COM11
 GOTO eof
 
 :version
-ECHO %SCRIPT_NAME% [Version 2.6.1]
+ECHO %SCRIPT_NAME% [Version 2.6.2]
 ECHO Meshtastic
 GOTO eof
 
@@ -44,10 +48,13 @@ IF /I "%~1"=="-f" SET "FILENAME=%~2" & SHIFT
 IF "%~1"=="-p" SET "ESPTOOL_PORT=%~2" & SHIFT
 IF /I "%~1"=="--port" SET "ESPTOOL_PORT=%~2" & SHIFT
 IF "%~1"=="-P" SET "PYTHON=%~2" & SHIFT
+IF /I "%~1"=="--change-mode" SET "CHANGE_MODE=1"
 SHIFT
 GOTO getopts
 :endopts
 
+IF %CHANGE_MODE% EQU 1 GOTO skip-filename
+
 CALL :LOG_MESSAGE DEBUG "Checking FILENAME parameter..."
 IF "__!FILENAME!__"=="____" (
     CALL :LOG_MESSAGE DEBUG "Missing -f filename input."
@@ -77,6 +84,9 @@ IF "!FILENAME:update=!"=="!FILENAME!" (
     CALL :LOG_MESSAGE DEBUG "We are working with a *update* file. !FILENAME!"
 )
 
+:skip-filename
+SET "ESPTOOL_BAUD=1200"
+
 CALL :LOG_MESSAGE DEBUG "Determine the correct esptool command to use..."
 IF NOT "__%PYTHON%__"=="____" (
     SET "ESPTOOL_CMD=!PYTHON! -m esptool"
@@ -115,6 +125,12 @@ IF "__!ESPTOOL_PORT!__" == "____" (
 )
 CALL :LOG_MESSAGE INFO "Using esptool baud: !ESPTOOL_BAUD!."
 
+IF %CHANGE_MODE% EQU 1 (
+    @REM Attempt to change mode via 1200bps Reset.
+    CALL :RUN_ESPTOOL !ESPTOOL_BAUD! --after no_reset read_flash_status
+    GOTO eof
+)
+
 @REM Flashing operations.
 CALL :LOG_MESSAGE INFO "Trying to flash update "!FILENAME!" at OFFSET 0x10000..."
 CALL :RUN_ESPTOOL !ESPTOOL_BAUD! write_flash 0x10000 "!FILENAME!" || GOTO eof
@@ -135,6 +151,7 @@ EXIT /B %ERRORLEVEL%
 IF %DEBUG% EQU 1 CALL :LOG_MESSAGE DEBUG "About to run command: !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4"
 CALL :RESET_ERROR
 !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4
+IF %CHANGE_MODE% EQU 1 GOTO :eof
 IF %ERRORLEVEL% NEQ 0 (
     CALL :LOG_MESSAGE ERROR "Error running command: !ESPTOOL_CMD! --baud %~1 %~2 %~3 %~4"
     EXIT /B %ERRORLEVEL%
diff --git a/bin/device-update.sh b/bin/device-update.sh
index ae7b52ea2..c32b953e6 100755
--- a/bin/device-update.sh
+++ b/bin/device-update.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 PYTHON=${PYTHON:-$(which python3 python|head -n 1)}
+CHANGE_MODE=false
 
 # Determine the correct esptool command to use
 if "$PYTHON" -m esptool version >/dev/null 2>&1; then
@@ -17,14 +18,15 @@ fi
 # Usage info
 show_help() {
 cat << EOF
-Usage: $(basename $0) [-h] [-p ESPTOOL_PORT] [-P PYTHON] [-f FILENAME|FILENAME]
-Flash image file to device, leave existing system intact."
+Usage: $(basename $0) [-h] [-p ESPTOOL_PORT] [-P PYTHON] [-f FILENAME|FILENAME] [--change-mode]
+Flash image file to device, leave existing system intact.
 
     -h               Display this help and exit
     -p ESPTOOL_PORT  Set the environment variable for ESPTOOL_PORT.  If not set, ESPTOOL iterates all ports (Dangerous).
     -P PYTHON        Specify alternate python interpreter to use to invoke esptool. (Default: "$PYTHON")
     -f FILENAME      The *update.bin file to flash.  Custom to your device type.
-    
+    --change-mode    Attempt to place the device in correct mode. Some hardware requires this twice. (1200bps Reset)
+
 EOF
 }
 
@@ -41,6 +43,9 @@ while getopts ":hp:P:f:" opt; do
             ;;
         f)  FILENAME=${OPTARG}
             ;;
+	    --change-mode)
+            CHANGE_MODE=true
+            ;;
         *)
  	        echo "Invalid flag."
             show_help >&2
@@ -50,6 +55,11 @@ while getopts ":hp:P:f:" opt; do
 done
 shift "$((OPTIND-1))"
 
+if [[ $CHANGE_MODE == true ]]; then
+	$ESPTOOL_CMD --baud 1200 --after no_reset read_flash_status
+    exit 0
+fi
+
 [ -z "$FILENAME" -a -n "$1" ] && {
     FILENAME=$1
     shift
diff --git a/bin/org.meshtastic.meshtasticd.metainfo.xml b/bin/org.meshtastic.meshtasticd.metainfo.xml
index 30f684fef..40f86fb0b 100644
--- a/bin/org.meshtastic.meshtasticd.metainfo.xml
+++ b/bin/org.meshtastic.meshtasticd.metainfo.xml
@@ -87,6 +87,9 @@
   </screenshots>
 
   <releases>
+    <release version="2.6.11" date="2025-06-02">
+      <url type="details">https://github.com/meshtastic/firmware/releases?q=tag%3Av2.6.11</url>
+    </release>
     <release version="2.6.10" date="2025-05-25">
       <url type="details">https://github.com/meshtastic/firmware/releases?q=tag%3Av2.6.10</url>
     </release>
diff --git a/bin/web.version b/bin/web.version
index a4db534a2..e46a05b19 100644
--- a/bin/web.version
+++ b/bin/web.version
@@ -1 +1 @@
-2.5.3
\ No newline at end of file
+2.6.4
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 87e3aea9b..4b67eecd4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-meshtasticd (2.6.10.0) UNRELEASED; urgency=medium
+meshtasticd (2.6.11.0) UNRELEASED; urgency=medium
 
   [ Austin Lane ]
   * Initial packaging
@@ -16,4 +16,7 @@ meshtasticd (2.6.10.0) UNRELEASED; urgency=medium
   [  ]
   * GitHub Actions Automatic version bump
 
- --  <github-actions[bot]@users.noreply.github.com>  Sun, 25 May 2025 20:46:49 +0000
+  [  ]
+  * GitHub Actions Automatic version bump
+
+ --  <github-actions[bot]@users.noreply.github.com>  Mon, 02 Jun 2025 20:00:55 +0000
diff --git a/src/mesh/CryptoEngine.cpp b/src/mesh/CryptoEngine.cpp
index d32b73855..82d0a9f57 100644
--- a/src/mesh/CryptoEngine.cpp
+++ b/src/mesh/CryptoEngine.cpp
@@ -3,12 +3,17 @@
 #include "architecture.h"
 
 #if !(MESHTASTIC_EXCLUDE_PKI)
+#include "NodeDB.h"
 #include "aes-ccm.h"
 #include "meshUtils.h"
 #include <Crypto.h>
 #include <Curve25519.h>
+#include <RNG.h>
 #include <SHA256.h>
 #if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN)
+#if !defined(ARCH_STM32WL)
+#define CryptRNG RNG
+#endif
 
 /**
  * Create a public/private key pair with Curve25519.
@@ -18,6 +23,14 @@
  */
 void CryptoEngine::generateKeyPair(uint8_t *pubKey, uint8_t *privKey)
 {
+    // Mix in any randomness we can, to make key generation stronger.
+    CryptRNG.begin(optstr(APP_VERSION));
+    if (myNodeInfo.device_id.size == 16) {
+        CryptRNG.stir(myNodeInfo.device_id.bytes, myNodeInfo.device_id.size);
+    }
+    auto noise = random();
+    CryptRNG.stir((uint8_t *)&noise, sizeof(noise));
+
     LOG_DEBUG("Generate Curve25519 keypair");
     Curve25519::dh1(public_key, private_key);
     memcpy(pubKey, public_key, sizeof(public_key));
diff --git a/src/mesh/NodeDB.cpp b/src/mesh/NodeDB.cpp
index 28af7d308..0a79f94a8 100644
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
@@ -261,7 +261,7 @@ NodeDB::NodeDB()
 
 #if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN || MESHTASTIC_EXCLUDE_PKI)
 
-    if (!owner.is_licensed) {
+    if (!owner.is_licensed && config.lora.region != meshtastic_Config_LoRaConfig_RegionCode_UNSET) {
         bool keygenSuccess = false;
         if (config.security.private_key.size == 32) {
             if (crypto->regeneratePublicKey(config.security.public_key.bytes, config.security.private_key.bytes)) {
diff --git a/src/modules/AdminModule.cpp b/src/modules/AdminModule.cpp
index 3ff4fa74d..4005222dc 100644
--- a/src/modules/AdminModule.cpp
+++ b/src/modules/AdminModule.cpp
@@ -661,6 +661,24 @@ void AdminModule::handleSetConfig(const meshtastic_Config &c)
         config.lora = c.payload_variant.lora;
         // If we're setting region for the first time, init the region
         if (isRegionUnset && config.lora.region > meshtastic_Config_LoRaConfig_RegionCode_UNSET) {
+            if (!owner.is_licensed) {
+                bool keygenSuccess = false;
+                if (config.security.private_key.size == 32) {
+                    if (crypto->regeneratePublicKey(config.security.public_key.bytes, config.security.private_key.bytes)) {
+                        keygenSuccess = true;
+                    }
+                } else {
+                    LOG_INFO("Generate new PKI keys");
+                    crypto->generateKeyPair(config.security.public_key.bytes, config.security.private_key.bytes);
+                    keygenSuccess = true;
+                }
+                if (keygenSuccess) {
+                    config.security.public_key.size = 32;
+                    config.security.private_key.size = 32;
+                    owner.public_key.size = 32;
+                    memcpy(owner.public_key.bytes, config.security.public_key.bytes, 32);
+                }
+            }
             config.lora.tx_enabled = true;
             initRegion();
             if (myRegion->dutyCycle < 100) {
diff --git a/version.properties b/version.properties
index 71de951f1..e13094769 100644
--- a/version.properties
+++ b/version.properties
@@ -1,4 +1,4 @@
 [VERSION]  
 major = 2
 minor = 6
-build = 10
+build = 11