Apple Silicon Boot Security Policy

Hi,

I am wondering if anyone could help me understand how the new boot security policy options work on Apple Silicon Macs. This is when you boot into macOS Recovery and open the Startup Security Utility.

Specifically: I understand that policies are now applied on a 'per-startup volume' basis. Does this mean I can only set the security policy for a particular macOS installation after I install it? i.e. what happens if I want to install an older version of macOS that is no longer signed by Apple? How do I tell my Mac to set the policy to Reduced Security mode so I can do this?

Also, I'm aware that I can set the security policy to 'Permissive Security' by running csrutil disable from Terminal. This will turn off all secure boot signature checks. However, will this allow me to install third-party OS e.g. Linux? If this is like my first question, then surely this 'permissive security' mode would only apply to the current OS I apply it on. Therefore, this setting would have no effect on other OSes, which will continue to have secure boot enabled. Or am I wrong here?