You are right! I found many UEFI CA 2023 KEKs in physical machines which run Linux or ESXi. Also in VMs which run Linux. At the end of the day it's only a certificate. Who gives you this certificate is not important. It must be trusted. You can also...
The value in "WindowsUEFICA2023Capable" is not important. It's only a reference value.
You only need Event ID "1808" in the Windows Event Log and "UEFICA2023Status" with value "Updated".
The screenshot below comes from the original Micro$oft guidelines.
You should also check if Event ID 1808 exists in your Event Log.
Only this event confirms that all certificates and changes are completed.
Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-TPM-WMI'...
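
The two checks described in this thread, combined into one function as an added example (not part of the original posts and not Microsoft's own script). The function name is hypothetical, and the registry path in `$ServicingKey` is an assumption that does not appear on this page; adjust it if your build stores "UEFICA2023Status" elsewhere.

```powershell
# Added example: report whether both conditions named in the thread are met.
function Test-UefiCa2023Updated {
    param(
        # Assumption: location of the Secure Boot servicing values (not given on the page).
        [string]$ServicingKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
    )

    # Registry side: "UEFICA2023Status" should read "Updated".
    # A missing key or value yields $null instead of a terminating error.
    $props  = Get-ItemProperty -Path $ServicingKey -Name 'UEFICA2023Status' -ErrorAction SilentlyContinue
    $status = if ($props) { $props.UEFICA2023Status } else { $null }

    # Event side: Get-WinEvent raises an error when nothing matches,
    # so suppress it and treat "no result" as "event not logged yet".
    $evt = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-TPM-WMI'
        Id           = 1808
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        UEFICA2023Status = $status
        Event1808Found   = [bool]$evt
        Event1808Time    = if ($evt) { $evt.TimeCreated } else { $null }
        # Complete only when the status value AND the event are both present.
        Complete         = ($status -eq 'Updated') -and [bool]$evt
    }
}

Test-UefiCa2023Updated | Format-List
```

Run it from an elevated PowerShell session on the machine being checked; a `Complete` value of `False` with `UEFICA2023Status` already at "Updated" means the event has not been logged yet or the System log has rolled over.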