CET-SS hardware is now available from multiple vendors, and the feature has
downstream users.  Enable it by default.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
---
 xen/arch/x86/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 83d0f317ecf9..06d6fbc86478 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -117,8 +117,8 @@ config HVM
 	  If unsure, say Y.
 
 config XEN_SHSTK
-	bool "Supervisor Shadow Stacks (EXPERT)"
-	depends on HAS_AS_CET_SS && EXPERT
+	bool "Supervisor Shadow Stacks"
+	depends on HAS_AS_CET_SS
 	default y
 	---help---
 	  Control-flow Enforcement Technology (CET) is a set of features in
-- 
2.11.0

On 09.03.2022 13:39, Andrew Cooper wrote:
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -117,8 +117,8 @@ config HVM
>  	  If unsure, say Y.
>  
>  config XEN_SHSTK
> -	bool "Supervisor Shadow Stacks (EXPERT)"
> -	depends on HAS_AS_CET_SS && EXPERT
> +	bool "Supervisor Shadow Stacks"
> +	depends on HAS_AS_CET_SS

We'll need to settle on whether to use your or Jürgen's variant.
As said there I'm in favor of his, but wouldn't mind this
alternative one.

Jan

On Wed, Mar 09, 2022 at 12:39:35PM +0000, Andrew Cooper wrote:
> CET-SS hardware is now available from multiple vendors, and the feature has
> downstream users.  Enable it by default.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

CET-IBT is already available out of EXPERT, so also having CET-SS
seems natural.

Thanks, Roger.