@stormi
In regards to UEFI Secure boot in recent update.
from pool master host.
[19:09 xcp-ng-qhfpcnmb ~]# rpm -q varstored
varstored-1.2.0-3.4.xcpng8.3.x86_64
8.3 with varstored >= 1.2.0-3.4
Secure Boot is ready to use on new VMs without extra configuration. Simply activate Secure Boot on your VMs, and they will be provided with an appropriate set of default Secure Boot variables.
We will keep updating the default Secure Boot variables with future updates from Microsoft. If you don't want this behavior, you can lock in these variables by using the Manually Install the Default UEFI Certificates procedure.
So new vms nothing is needed to be done. But what about existing vms windows or linux? It it was stated I apologize if i missed it.