Deprecate old read-only root support.

[dmcilvaney]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• [x] The toolchain has been rebuilt successfully (or no changes were made to it)
• [x] The toolchain/worker package manifests are up-to-date
• [x] Any updated packages successfully build (or no packages were changed)
• [x] Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• [x] Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• [x] All package sources are available
• [x] cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• [x] LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
• [x] All source files have up-to-date hashes in the *.signatures.json files
• [x] sudo make go-tidy-all and sudo make go-test-coverage pass
• [x] Documentation has been updated to match any changes to the build system
• [x] If you are adding/removing a .spec file that has multiple-versions supported, please add @microsoft/cbl-mariner-multi-package-reviewers team as reviewer (Eg. golang has 2 versions 1.18, 1.21+)
• [x] Ready to merge

---

Summary

The new grub flow does not play well with our old dm-verity implementation. The ImageCustomizer tool supports creating verity images now, so lets just get rid of the old verity.

When we first added ReadOnlyVerityRoot to the config for Mariner 1.0 there was no support for dm-verity in systemd or dracut so we needed to build a custom solution. Those components now natively support dm-verity, so let's not re-invent the wheel.

For 3.0 GA just disable the config, a full clean-up can come after GA since we will have to roll back large parts of https://github.com/microsoft/azurelinux/pull/549 (72 files). Cleanup shouldn't be hard but it's a big bit of code to drop right before GA.

Change Log

• Setting ReadOnlyVerityRoot.Enable = true will result in an error.
• Remove unit tests that fail with this change
• Remove read-only-root-efi.json config.

Does this affect the toolchain?

NO

Associated issues

• https://microsoft.visualstudio.com/OS/_workitems/edit/51951945

Test Methodology

• Local builds of sudo make go-tools which runs imageconfigvalidator_test.go. I ensured it failed on read-only-root-efi.json
• sudo make image CONFIG_FILE=./imageconfigs/read-only-root-efi.json fails with (before removing config):

[dmcilvaney]

Can't say much if anyone is expecting to still use it, but if it's out before 3.0 GA, then I guess it's OK.

The code changes look good to me. I love removing code.:)

EFLOW does, but I've already reached out. MIC should be a reasonable replacement.