diff --git a/files/usr/local/bin/firmwarecheck.sh b/files/usr/local/bin/firmwarecheck.sh
index 39815dcc..265afc8d 100755
--- a/files/usr/local/bin/firmwarecheck.sh
+++ b/files/usr/local/bin/firmwarecheck.sh
@@ -5,11 +5,20 @@
 
 include /lib/upgrade/
 
-if (eval platform_check_image "$*")
+if $(platform_check_image "$*" > /dev/null 2>&1)
 then
-	return 0;
-else
-	return 1;
+	json=$(/usr/libexec/validate_firmware_image "$*" 2> /dev/null)
+	if [ "$(echo "$json" | jsonfilter -e '@.value')" = "true" ]; then
+		return 0;
+	fi
+	if [ "$(echo "$json" | jsonfilter -e '@.tests.fwtool_signature')" = "false" ]; then
+		echo "firmware signature failed"
+		return 1;
+	fi
+	if [ "$(echo "$json" | jsonfilter -e '@.tests.fwtool_device_match')" = "false" ]; then
+		echo "firmware device match failed";
+		return 1
+	fi
 fi
-
-
+echo "platform check image failed";
+return 1
diff --git a/files/www/cgi-bin/admin b/files/www/cgi-bin/admin
index a6e04448..7e41ed83 100755
--- a/files/www/cgi-bin/admin
+++ b/files/www/cgi-bin/admin
@@ -348,9 +348,10 @@ if parms.button_ul_fw and nixio.fs.stat("/tmp/web/upload/file") then
         -- drop the page cache to take pressure off tmps when checking the firmware
         write_all("/proc/sys/vm/drop_caches", "3")
         -- check firmware header
-        if os.execute("/usr/local/bin/firmwarecheck.sh " .. tmpdir .. "/firmware > /dev/null 2>&1") ~= 0 then
+        local fcheck = capture("/usr/local/bin/firmwarecheck.sh " .. tmpdir .. "/firmware")
+        if fcheck ~= "" then
             fwout("Firmware CANNOT be updated")
-            fwout("firmware file is not valid")
+            fwout("firmware file is not valid: " .. fcheck)
             fw_install = false
             nixio.fs.remove(tmpdir .. "/firmware")
             if os.execute("/usr/local/bin/uploadctlservices restore > /dev/null 2>&1") ~= 0 then