Jump to content
NotebookTalk

Official Clevo X170KM-G Thread

electrosoft

By electrosoft
in Sager & Clevo

 Share

Recommended Posts

giltheone Enthusiast

giltheone

Posted
Posted (edited)

I did it! I managed to update the secure boot certificates --- manually in the BIOS, mind you. It took quite a bit of searching and reading, and even at the end I wasn't completely comfortable, but it turned out to be not that bad once everything was finished. And I still have Origin PC's BIOS, so no change was needed.

If anyone is having trouble with this, I could explain what I did in a bit more detail. It wasn't something I found in one particular webpage, and forget about YouTube videos --- they were all of very little help, if any. I had to piece together a bunch of information and download the required certificates from one site maintained by Microsoft. And even then, I had to fiddle around a bit with the downloaded files --- they required a change of extension, and figuring that out took me some time yesterday and most of today: that's part of what made me a bit nervous as I was updating the certificate keys, and that was just the last piece of the puzzle. I've been reading up for hours on end for the last couple of weeks, and I learned quite a bit. And it ended in success!!! Yippy!!!


Anyway, it's done. And here's the proof:

Screenshot 2026-06-04 205658-edit.png

Edited by giltheone
Minor rewording.
  • Thumb Up 1
  • Hands 1
  • Replies 1.5k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Mr. Fox
Mr. Fox

They probably do not, but the bottom line is that it is none of their business. I am glad it did not stop you and I feel bad for people that are so locked up with worry about voiding their warranty th

Sergey Muratov
Sergey Muratov

Hello everyone. A team of independent developers from Russia has started developing a bios for the clevo x170km. This is a new life for a laptop. Microcodes for PCH have been updated, the reaction spe

crossshot
crossshot

Hi guys, i'm also a refugee from the notebookreview forum. So i'll share here some stuff again. xmg_to_clevo_bios.zip is needed, when you want to remove the XMG bios entries (to return to Clevo

Posted Images

MightyMax Newbie

MightyMax

Posted
Posted

Congratulations on the secure boot win!   I've been poking around the weeks.

 

Do you remember the Microsoft website link and extension name change?    

 

I'm assuming you loaded the files from within the BIOS?

  • Thumb Up 1
smoothinize Rookie

smoothinize

Posted
Posted
On 6/5/2026 at 6:09 AM, giltheone said:

I did it! I managed to update the secure boot certificates --- manually in the BIOS, mind you. It took quite a bit of searching and reading, and even at the end I wasn't completely comfortable, but it turned out to be not that bad once everything was finished. And I still have Origin PC's BIOS, so no change was needed.

If anyone is having trouble with this, I could explain what I did in a bit more detail. It wasn't something I found in one particular webpage, and forget about YouTube videos --- they were all of very little help, if any. I had to piece together a bunch of information and download the required certificates from one site maintained by Microsoft. And even then, I had to fiddle around a bit with the downloaded files --- they required a change of extension, and figuring that out took me some time yesterday and most of today: that's part of what made me a bit nervous as I was updating the certificate keys, and that was just the last piece of the puzzle. I've been reading up for hours on end for the last couple of weeks, and I learned quite a bit. And it ended in success!!! Yippy!!!


Anyway, it's done. And here's the proof:

Screenshot 2026-06-04 205658-edit.png

 Wow! This is good news. Now I can revert to Origin BIOS. I might message you if things go south. 😁

  • Thumb Up 1
JordyJ3nkins Newbie

JordyJ3nkins

Posted
Posted
On 6/5/2026 at 4:09 AM, giltheone said:

I did it! I managed to update the secure boot certificates --- manually in the BIOS, mind you. It took quite a bit of searching and reading, and even at the end I wasn't completely comfortable, but it turned out to be not that bad once everything was finished. And I still have Origin PC's BIOS, so no change was needed.

If anyone is having trouble with this, I could explain what I did in a bit more detail. It wasn't something I found in one particular webpage, and forget about YouTube videos --- they were all of very little help, if any. I had to piece together a bunch of information and download the required certificates from one site maintained by Microsoft. And even then, I had to fiddle around a bit with the downloaded files --- they required a change of extension, and figuring that out took me some time yesterday and most of today: that's part of what made me a bit nervous as I was updating the certificate keys, and that was just the last piece of the puzzle. I've been reading up for hours on end for the last couple of weeks, and I learned quite a bit. And it ended in success!!! Yippy!!!


Anyway, it's done. And here's the proof:

Screenshot 2026-06-04 205658-edit.png

Fair play mate, could you explain how you managed this? Have been reading into this but am struggling so would appreciate the help! 

  • Thumb Up 1
JordyJ3nkins Newbie

JordyJ3nkins

Posted
Posted
On 6/16/2026 at 5:01 PM, smoothinize said:

So I flashed the latest Origin PC BIOS from their website and not encountered issues with the Secure Boot certificates. Maybe I'm kinda Forrest Gump lucky. 😄

 

image.thumb.png.c91cfbe5a7f46b85e1890abd4136633c.png

After seeing this, i checked my own machine and secure boot certificate updates have also been applied - I'm running XMG (1.07.09RTR6) weirdly i haven't made any updates nor changed my bios since asking for help in my previous post. Maybe windows are rolling out the updates but how would that work?

Screenshot 2026-06-18 145233.png

  • Thumb Up 1
giltheone Enthusiast

giltheone

Posted
Posted
On 6/10/2026 at 2:22 PM, MightyMax said:

Congratulations on the secure boot win!   I've been poking around the weeks.

 

Do you remember the Microsoft website link and extension name change?    

 

I'm assuming you loaded the files from within the BIOS?

Yes, I added the keys from the Secure Boot menu in the BIOS. I am not certain if it's necessary or not, but I think you may need to create an administrator password for the BIOS to let you do it.

The certificates are not directly linked on a website, they are linked in the documents accompanying the KEYS in binary form included in the microsoft website I mentioned: Microsoft binary KEYS, not the certificates --- you don't want the KEYS, you want the CERTIFICATES to add into the keys already in your Secure Boot section  in the BIOS. But the InsydeH20 BIOS won't recognize them, unless you change the extension. Change the extension of the files from .crt to .cer because otherwise the BIOS won't even see them.

Now, be careful, there are "signed" and not "signed" certificates --- the "signed" ones are NOT the ones you want, those are to be loaded at runtime after the computer has booted, and the point is to load the Secure Boot certificates as the computer is precisely booting, so you want the non-signed ones.

Also, depending on what you want, there are options to which kind of certificates to download. I opted for the "Microsoft and third party" certificates just in case I install a Linux distro that works with Secure Boot on the computer sometime in the future -- it's only the new certificates, it doesn't contain the ones that should already be in your system, and it's the most complete set, meaning that other than the old certificates, it has all the ones you want plus some others that you may want.

If that's good enough to you, I am putting the certificates I used in the attached ZIP file. They are in directories KEK and DB depending on which key they should be added to.

Hope this helps. I could write a more detailed explanation, but that would be a lot more lengthy than this post, and it would require a bit of time. Also, sorry for the late reply, but I have been a tad occupied at work.

Firmware.zip

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use