diff --git a/build/make-fs.sh b/build/make-fs.sh
index 2a7ad53..1978dc6 100755
--- a/build/make-fs.sh
+++ b/build/make-fs.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+set -e
 
 # Make a filesystem update bundle
 # Usage: make-fs input-filename
diff --git a/build/makefile b/build/makefile
index 2417f00..776cbc4 100644
--- a/build/makefile
+++ b/build/makefile
@@ -9,7 +9,8 @@ VPATH = ..
 
 CLI = makekey sign verify sig01 key01 hashfs zhashfs zdextract
 
-default: bios_verify.img $(CLI)
+#default: bios_verify.img $(CLI)
+default: $(CLI)
 
 cli: $(CLI)
 cli_shared: $(patsubst %,shared/%,$(CLI))
diff --git a/depends/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c b/depends/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c
index 19c7ff2..491bf52 100644
--- a/depends/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c
+++ b/depends/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c
@@ -9,6 +9,7 @@
  * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
  */
 #include "tomcrypt.h"
+#include <stdio.h>
 
 /**
   @file crypt_hash_is_valid.c
@@ -25,6 +26,8 @@ int hash_is_valid(int idx)
    LTC_MUTEX_LOCK(&ltc_hash_mutex);
    if (idx < 0 || idx >= TAB_SIZE || hash_descriptor[idx].name == NULL) {
       LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
+      fprintf(stderr, "bernie: idx=%d\n", idx);
+      fprintf(stderr, "bernie: name=%s\n", hash_descriptor[idx].name);
       return CRYPT_INVALID_HASH;
    }
    LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
diff --git a/depends/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c b/depends/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
index b7fb59b..56361b0 100644
--- a/depends/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
+++ b/depends/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
@@ -9,6 +9,7 @@
  * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
  */
 #include "tomcrypt.h"
+#include <stdio.h>
 
 /**
   @file dsa_encrypt_key.c
@@ -54,6 +55,7 @@ int dsa_encrypt_key(const unsigned char *in,   unsigned long inlen,
     }
 
     if (inlen > hash_descriptor[hash].hashsize) {
+       fprintf(stderr, "bernie: inlen=%d, hashsize=%d\n", inlen, hash_descriptor[hash].hashsize);
        return CRYPT_INVALID_HASH;
     }
 
