diff --git a/core/src/apps/base.py b/core/src/apps/base.py
index 85392a65dd..da887d2c42 100644
--- a/core/src/apps/base.py
+++ b/core/src/apps/base.py
@@ -664,6 +664,7 @@ def get_pinlocked_handler(
 
     async def wrapper(ctx: wire.Context, msg: wire.Msg) -> protobuf.MessageType:
         await unlock_device(ctx)
+        storage.cache.start_session()
         return await orig_handler(ctx, msg)
 
     return wrapper
@@ -696,13 +697,8 @@ async def handle_GetPassphraseState(
     from trezor.messages import PassphraseState
     from apps.common import passphrase, paths
 
-    # Check if client supports attach pin
-    (
-        hasattr(msg, "allow_create_attach_pin")
-        and msg.allow_create_attach_pin is not None
-    )
     if not device_is_unlocked():
-        await unlock_device(ctx, pin_use_type=2)
+        await unlock_device(ctx, pin_use_type=PinType.USER_AND_PASSPHRASE_PIN)
         session_id = storage.cache.start_session()
 
     from trezor.lvglui.scrs import fingerprints
@@ -759,13 +755,15 @@ async def handle_UnLockDevice(
 ) -> UnLockDeviceResponse:
     """Handle UnLockDevice message to unlock the device if needed."""
     if not config.is_unlocked():
-        await unlock_device(ctx, pin_use_type=2)
+        await unlock_device(ctx, pin_use_type=PinType.USER_AND_PASSPHRASE_PIN)
+        storage.cache.start_session()
 
     # Get current device state after unlock attempt
     from apps.common import passphrase
 
     unlocked = config.is_unlocked()
     unlocked_attach_pin = passphrase.is_passphrase_pin_enabled() if unlocked else False
+
     passphrase_protection = (
         storage.device.is_passphrase_enabled() if unlocked else False
     )
diff --git a/core/src/apps/homescreen/lockscreen.py b/core/src/apps/homescreen/lockscreen.py
index efca1e710d..21ca8dc45a 100644
--- a/core/src/apps/homescreen/lockscreen.py
+++ b/core/src/apps/homescreen/lockscreen.py
@@ -16,6 +16,7 @@ async def lockscreen() -> None:
     # to an unlocked state.
     try:
         await unlock_device()
+        storage.cache.start_session()
     except wire.PinCancelled:
         pass
 
diff --git a/core/src/apps/management/change_pin.py b/core/src/apps/management/change_pin.py
index ccc1a47f93..46a96fc311 100644
--- a/core/src/apps/management/change_pin.py
+++ b/core/src/apps/management/change_pin.py
@@ -50,7 +50,9 @@ async def change_pin(ctx: wire.Context, msg: ChangePin) -> Success:
         newpin = ""
 
     if newpin:
-        verified, usertype = config.check_pin(newpin, salt, PinType.PASSPHRASE_PIN)
+        verified, usertype = config.check_pin(
+            newpin, salt, PinType.PASSPHRASE_PIN_CHECK
+        )
         if usertype == PinResult.PASSPHRASE_PIN_ENTERED:
             return await error_pin_used(ctx)
 
diff --git a/core/src/apps/management/change_wipe_code.py b/core/src/apps/management/change_wipe_code.py
index 526df1fbd2..5468381abe 100644
--- a/core/src/apps/management/change_wipe_code.py
+++ b/core/src/apps/management/change_wipe_code.py
@@ -30,7 +30,9 @@ async def change_wipe_code(ctx: wire.Context, msg: ChangeWipeCode) -> Success:
 
     if not msg.remove:
         # Pre-check the entered PIN.
-        if config.has_pin() and not config.check_pin(pin, salt)[0]:
+        from apps.common.pin_constants import PinType
+
+        if config.has_pin() and not config.check_pin(pin, salt, PinType.USER_CHECK)[0]:
             await error_pin_invalid(ctx)
 
         # Get new wipe code.
diff --git a/core/src/apps/webauthn/fido2.py b/core/src/apps/webauthn/fido2.py
index 380fed6d10..10f910235f 100644
--- a/core/src/apps/webauthn/fido2.py
+++ b/core/src/apps/webauthn/fido2.py
@@ -663,6 +663,9 @@ async def verify_user(keepalive_callback: KeepaliveCallback) -> bool:
         trezor.pin.keepalive_callback = keepalive_callback
 
         await unlock_device()
+        import storage.cache
+
+        storage.cache.start_session()
         return True
     except Exception:
         return False
@@ -806,6 +809,9 @@ async def confirm_dialog(self) -> bool:
 
         try:
             await unlock_device()
+            import storage.cache
+
+            storage.cache.start_session()
             return True
         except Exception:
             return False
diff --git a/core/src/boot.py b/core/src/boot.py
index 482c2f1c41..8f701a688e 100644
--- a/core/src/boot.py
+++ b/core/src/boot.py
@@ -36,6 +36,7 @@ async def bootscreen() -> None:
             from apps.common.pin_constants import PinType
 
             await verify_user_pin(pin_use_type=PinType.USER_AND_PASSPHRASE_PIN)
+            storage.cache.start_session()
             storage.init_unlocked()
             loop.close(lvgl_task)
             return
diff --git a/core/src/trezor/lvglui/scrs/lockscreen.py b/core/src/trezor/lvglui/scrs/lockscreen.py
index d5db8f0c2c..bb2be8538b 100644
--- a/core/src/trezor/lvglui/scrs/lockscreen.py
+++ b/core/src/trezor/lvglui/scrs/lockscreen.py
@@ -191,6 +191,9 @@ def eventhandler(self, event_obj: lv.event_t):
                 from apps.base import unlock_device
 
                 workflow.spawn(unlock_device())
+                import storage.cache
+
+                storage.cache.start_session()
 
     def on_slide_up(self, event_obj: lv.event_t):
         code = event_obj.code
@@ -203,6 +206,9 @@ def on_slide_up(self, event_obj: lv.event_t):
                 from apps.base import unlock_device
 
                 workflow.spawn(unlock_device())
+                import storage.cache
+
+                storage.cache.start_session()
 
     def _load_scr(self, scr: "Screen", back: bool = False) -> None:
         lv.scr_load(scr)
diff --git a/core/src/trezor/uart.py b/core/src/trezor/uart.py
index 0746ae5337..d7b606dfbc 100644
--- a/core/src/trezor/uart.py
+++ b/core/src/trezor/uart.py
@@ -160,6 +160,10 @@ async def handle_fingerprint():
                             if __debug__:
                                 print(f"fingerprint unlock result {res}")
                             await base.unlock_device()
+                            import storage.cache
+
+                            storage.cache.start_session()
+
                         # await loop.sleep(2000)
                         return
                 else:
@@ -331,6 +335,9 @@ async def _deal_ble_pair(value):
     if not base.device_is_unlocked():
         try:
             await base.unlock_device()
+            import storage.cache
+
+            storage.cache.start_session()
         except Exception:
             await safe_reloop()
             workflow.spawn(utils.internal_reloop())
diff --git a/core/src/trezor/ui/layouts/lvgl/attach_to_pin.py b/core/src/trezor/ui/layouts/lvgl/attach_to_pin.py
index d3c257cf40..8b9285f6d8 100644
--- a/core/src/trezor/ui/layouts/lvgl/attach_to_pin.py
+++ b/core/src/trezor/ui/layouts/lvgl/attach_to_pin.py
@@ -198,20 +198,6 @@ async def show_attach_to_pin_window(ctx):
                                 if not save_result:
                                     return False
 
-                                # Convert passphrase pin to string if needed
-                                passphrase_pin_str = (
-                                    str(passphrase_pin)
-                                    if not isinstance(passphrase_pin, str)
-                                    else passphrase_pin
-                                )
-
-                                # Verify the pin
-                                pinstatus, result = config.check_pin(
-                                    passphrase_pin_str,
-                                    None,
-                                    PinType.USER_AND_PASSPHRASE_PIN,
-                                )
-
                                 # Show success message
                                 await show_passphrase_set_and_attached_to_pin_window(
                                     ctx