diff --git a/90-default.preset b/90-default.preset
index 92129c2..b798587 100644
--- a/90-default.preset
+++ b/90-default.preset
@@ -37,17 +37,46 @@ enable ladvd.service
 # autostart, but shutdown after 2 mins and socket activated thereafter
 enable virtqemud.service
 
-# Compatibility with libvirtd sockets for old clients and expose TCP sockets
+# Sockets for the services listed above, to support socket activation
+# after the initial timeout
+enable virtqemud.socket
+enable virtqemud-ro.socket
+enable virtqemud-admin.socket
+
+# Compatibility with libvirtd sockets for old clients (socket activated
+# only when required). Note that the -tcp and -tls sockets are kept disabled
+# by default, as they require additional configuration before they can work
 enable virtproxyd.socket
+enable virtproxyd-ro.socket
+enable virtproxyd-admin.socket
 
 # Secondary drivers providing supporting functionality to main virtualization
-# drivers, socket activated only when required
+# drivers (socket activated only when required)
 enable virtinterfaced.socket
+enable virtinterfaced-ro.socket
+enable virtinterfaced-admin.socket
 enable virtnetworkd.socket
+enable virtnetworkd-ro.socket
+enable virtnetworkd-admin.socket
 enable virtnodedevd.socket
+enable virtnodedevd-ro.socket
+enable virtnodedevd-admin.socket
 enable virtnwfilterd.socket
+enable virtnwfilterd-ro.socket
+enable virtnwfilterd-admin.socket
 enable virtsecretd.socket
+enable virtsecretd-ro.socket
+enable virtsecretd-admin.socket
 enable virtstoraged.socket
+enable virtstoraged-ro.socket
+enable virtstoraged-admin.socket
+
+# Non-driver support services (socket activated only when required, no
+# read-only socket)
+enable virtlogd.socket
+enable virtlogd-admin.socket
+enable virtlockd.socket
+enable virtlockd-admin.socket
 
 # Storage
 enable multipathd.service
@@ -201,7 +230,7 @@ enable iscsi-onboot.service
 
 # Enable logrotate.timer
 # https://bugzilla.redhat.com/show_bug.cgi?id=1977865
-enable logrotate.timer 
+enable logrotate.timer
 
 # Enable greenboot
 # https://bugzilla.redhat.com/show_bug.cgi?id=2005552
@@ -222,6 +251,10 @@ enable low-memory-monitor.service
 # https://bugzilla.redhat.com/show_bug.cgi?id=2049627
 enable switcheroo-control.service
 
+# Enable clevis-luks-askpass.path
 # https://bugzilla.redhat.com/show_bug.cgi?id=2106811
 enable clevis-luks-askpass.path
 
+# Enable kernel-bootcfg-boot-successful.service
+# RHEL-21816
+enable kernel-bootcfg-boot-successful.service
diff --git a/almalinux-release.spec b/almalinux-release.spec
index db918be..dbe01f5 100644
--- a/almalinux-release.spec
+++ b/almalinux-release.spec
@@ -1,13 +1,13 @@
 %global distro  AlmaLinux
-%global release_name Shamrock Pampas Cat
+%global release_name Seafoam Ocelot
 %global major   9
-%global minor   3
-%global beta Beta
+%global minor   4
+%global eol_date 2032-06-01
 
 Name:           almalinux-release
 Epoch:          2
 Version:        %{major}.%{minor}
-Release:        0.4%{?dist}.rhel
+Release:        1%{?dist}.rhel
 Summary:        %{distro} release files
 License:        GPLv2
 URL:            https://almalinux.org
@@ -47,6 +47,8 @@ Source401:      alsecureboot001.cer
 Source402:      alsecureboot001.cer
 # Fwupd signing certificate
 Source403:      alsecureboot001.cer
+# UKI signing certificate
+Source404:      alsecureboot001.cer
 
 Source500:      almalinux-appstream.repo
 Source501:      almalinux-baseos.repo
@@ -68,6 +70,7 @@ Summary: %{distro} public secureboot certificates
 Group: System Environment/Base
 Provides: system-sb-certs = %{epoch}:%{version}-%{release}
 Provides: redhat-sb-certs = %{epoch}:%{version}-%{release}
+Provides: centos-sb-certs = %{epoch}:%{version}-%{release}
 
 %package -n almalinux-repos
 Summary:        %{distro} package repositories
@@ -146,6 +149,7 @@ ALMALINUX_MANTISBT_PROJECT="AlmaLinux-%{major}"
 ALMALINUX_MANTISBT_PROJECT_VERSION="%{major}.%{minor}"
 REDHAT_SUPPORT_PRODUCT="%{distro}"
 REDHAT_SUPPORT_PRODUCT_VERSION="%{major}.%{minor}%{?beta: %{beta}}"
+SUPPORT_END=%{eol_date}
 EOF
 
 # Create the symlink for /etc/os-release
@@ -213,42 +217,50 @@ install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-a
 install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer
 install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer
 install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer
+install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer
 
 # Install x86_64 certs
 install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer
 install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer
 install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer
 install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer
+install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer
 
 # Install ppc64le certs
 install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.cer
 install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer
 install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer
+install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer
 
 # Install s390x certs
 install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.cer
 install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer
+install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer
 
 # Link x86_64 certs
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-x86_64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-kernel-x86_64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-grub2-x86_64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-fwupd-x86_64.cer
+ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer
 
 # Link aarch64 certs
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-aarch64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-aarch64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-kernel-aarch64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-grub2-aarch64.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-fwupd-aarch64.cer
+ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer
 
 # Link ppc64le certs
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-ppc64le.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-kernel-ppc64le.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-grub2-ppc64le.cer
+ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer
 
 # Link s390x certs
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-s390x.cer
 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-kernel-s390x.cer
+ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-uki-virt-s390x.cer
 
 # copy yum repos
 install -d -m 0755 %{buildroot}%{_sysconfdir}/yum.repos.d
@@ -325,7 +337,13 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/
 
 
 %changelog
-<<<<<<< HEAD
+* Tue Apr 30 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 9.4-1
+- 9.4 stable
+
+* Tue Nov 07 2023 Andrew Lukoshko <alukoshko@almalinux.org> - 9.3-1
+- 9.3 stable
+
+>>>>>>> a9
 * Tue May 02 2023 Andrew Lukoshko <alukoshko@almalinux.org> - 9.2-1
 - 9.2 stable
 =======