OK, so I have a new setup with Heads. Is it normal to get a boot hash mismatch immediately after restarting with an updated dom0?
If there is a new kernel or Xen update, yes, those files will change.
You must check if the modified files correspond to the update (I think they do) and use the USB security dongle to re-sign /boot.
All this is intended (and that is precisely one of the security features the system offers).
See also this:
If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new