From 448de1c570112ac1956021beeed17dae260be45b Mon Sep 17 00:00:00 2001 From: sysadmin Date: Mon, 8 Jun 2026 23:58:12 +0100 Subject: [PATCH] fix(windows/build): revert to prompt boot image (no-prompt caused reinstall loop) The no-prompt efisys + media-first boot order reboot-loops: every post-copy reboot re-boots the media before the disk install completes, so it never finishes (symptom: "no bootable device" after ejecting). Standard efisys.bin (press-any-key) lets reboots fall through to the installed disk. Legacy-Setup boot.wim patch + /unattend retained (the real fix). Documented VM-verified result + the residual one-click WinPE language page in iso-builder.md. Co-Authored-By: Claude Opus 4.8 --- windows/installer/build.ps1 | 13 ++++++++----- windows/iso-builder.md | 4 ++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/windows/installer/build.ps1 b/windows/installer/build.ps1 index 6208a27..d9f3eb5 100644 --- a/windows/installer/build.ps1 +++ b/windows/installer/build.ps1 @@ -180,11 +180,14 @@ function Invoke-Brand { Write-Stage 'Stage 5: branding'; Write-Warning ' defer function Invoke-Repack { Write-Stage 'Stage 6: repack UEFI-bootable ISO (oscdimg)' $etfs = Join-Path $isoRoot 'boot\etfsboot.com' - # Prefer the no-prompt UEFI boot image so the ISO boots hands-off (no "press - # any key"); fall back to the prompt variant if absent. - $efi = Join-Path $isoRoot 'efi\microsoft\boot\efisys_noprompt.bin' - if (-not (Test-Path $efi)) { $efi = Join-Path $isoRoot 'efi\microsoft\boot\efisys.bin' } - if (-not (Test-Path $efi)) { throw "missing UEFI boot image under efi\microsoft\boot\" } + # Use the STANDARD prompt boot image (efisys.bin). The no-prompt variant + a + # media-first boot order causes a reinstall LOOP: every post-copy reboot + # re-boots the media before the disk install completes, so it never finishes. + # The "press any key to boot from CD/USB" prompt lets reboots fall through to + # the installed disk. (Initial media boot = one keypress or a firmware boot-menu + # selection — expected for a USB-installed SKU.) + $efi = Join-Path $isoRoot 'efi\microsoft\boot\efisys.bin' + if (-not (Test-Path $efi)) { throw "missing UEFI boot image: $efi" } # Work paths have no spaces (SYSTEM TEMP / runner temp), so omit oscdimg's # inner quotes around the boot images -- otherwise PowerShell mangles the # native -bootdata arg into doubled quotes (oscdimg Error 123). diff --git a/windows/iso-builder.md b/windows/iso-builder.md index 47294e2..71c56e6 100644 --- a/windows/iso-builder.md +++ b/windows/iso-builder.md @@ -70,6 +70,10 @@ WinPE's winlogon launches whatever `HKLM\SYSTEM\Setup\CmdLine` holds; overriding **Rejected alternatives** (community-tested, unreliable): `winpeshl.ini` `[LaunchApp]` variants and the answer-file-embedded `RunSynchronous` reg trick (the latter only works if the answer file contains *nothing else*, else it reboot-loops WinPE). +**Boot image — use the prompt variant.** Stage 6 uses the standard `efisys.bin` ("press any key to boot…"), *not* `efisys_noprompt.bin`. With a media-first boot order the no-prompt image causes a **reinstall loop** — every post-file-copy reboot re-boots the media before the disk install finishes. The prompt lets reboots fall through to the installed disk. Initial media boot is therefore one keypress (or a firmware boot-menu selection — expected for a USB-installed SKU; in an automated VM boot-test, eject the CD after the file-copy phase or send one key at start). + +**Verified end-to-end (VM, 2026-06-08):** with legacy Setup forced + `/unattend`, the answer file drives disk wipe/partition, edition, EULA, and image install **automatically** — Setup jumps straight to "Installing Windows." **Residual:** the single WinPE *language/keyboard* page still needs one click (the `International-Core-WinPE` settings do not reliably suppress it even under legacy Setup on 24H2 — a known, still-open item; everything after that page is hands-off). + **Caveat:** this is ConX-specific behaviour that Microsoft may change in a future cumulative update / ADK refresh — re-verify against the exact base media before each batch. Sources: ElevenForum/NTLite 24H2–25H2 threads + MS Learn setup-automation docs (the Learn pages predate the redesign and describe only the legacy mechanism). Open question: whether MS later ships a supported way to pre-answer the ConX front-end. ## 4. Where each hardening control is applied