fix(windows/build): revert to prompt boot image (no-prompt caused reinstall loop)

The no-prompt efisys + media-first boot order reboot-loops: every post-copy reboot
re-boots the media before the disk install completes, so it never finishes (symptom:
"no bootable device" after ejecting). Standard efisys.bin (press-any-key) lets reboots
fall through to the installed disk. Legacy-Setup boot.wim patch + /unattend retained
(the real fix). Documented VM-verified result + the residual one-click WinPE language
page in iso-builder.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

windows/installer/build.ps1

@@ -180,11 +180,14 @@ function Invoke-Brand { Write-Stage 'Stage 5: branding'; Write-Warning '   defer
 function Invoke-Repack {
     Write-Stage 'Stage 6: repack UEFI-bootable ISO (oscdimg)'
     $etfs = Join-Path $isoRoot 'boot\etfsboot.com'
-    # Prefer the no-prompt UEFI boot image so the ISO boots hands-off (no "press
-    # any key"); fall back to the prompt variant if absent.
-    $efi  = Join-Path $isoRoot 'efi\microsoft\boot\efisys_noprompt.bin'
-    if (-not (Test-Path $efi)) { $efi = Join-Path $isoRoot 'efi\microsoft\boot\efisys.bin' }
-    if (-not (Test-Path $efi)) { throw "missing UEFI boot image under efi\microsoft\boot\" }
+    # Use the STANDARD prompt boot image (efisys.bin). The no-prompt variant + a
+    # media-first boot order causes a reinstall LOOP: every post-copy reboot
+    # re-boots the media before the disk install completes, so it never finishes.
+    # The "press any key to boot from CD/USB" prompt lets reboots fall through to
+    # the installed disk. (Initial media boot = one keypress or a firmware boot-menu
+    # selection — expected for a USB-installed SKU.)
+    $efi  = Join-Path $isoRoot 'efi\microsoft\boot\efisys.bin'
+    if (-not (Test-Path $efi)) { throw "missing UEFI boot image: $efi" }
     # Work paths have no spaces (SYSTEM TEMP / runner temp), so omit oscdimg's
     # inner quotes around the boot images -- otherwise PowerShell mangles the
     # native -bootdata arg into doubled quotes (oscdimg Error 123).

windows/iso-builder.md

@@ -70,6 +70,10 @@ WinPE's winlogon launches whatever `HKLM\SYSTEM\Setup\CmdLine` holds; overriding
 
 **Rejected alternatives** (community-tested, unreliable): `winpeshl.ini` `[LaunchApp]` variants and the answer-file-embedded `RunSynchronous` reg trick (the latter only works if the answer file contains *nothing else*, else it reboot-loops WinPE).
 
+**Boot image — use the prompt variant.** Stage 6 uses the standard `efisys.bin` ("press any key to boot…"), *not* `efisys_noprompt.bin`. With a media-first boot order the no-prompt image causes a **reinstall loop** — every post-file-copy reboot re-boots the media before the disk install finishes. The prompt lets reboots fall through to the installed disk. Initial media boot is therefore one keypress (or a firmware boot-menu selection — expected for a USB-installed SKU; in an automated VM boot-test, eject the CD after the file-copy phase or send one key at start).
+
+**Verified end-to-end (VM, 2026-06-08):** with legacy Setup forced + `/unattend`, the answer file drives disk wipe/partition, edition, EULA, and image install **automatically** — Setup jumps straight to "Installing Windows." **Residual:** the single WinPE *language/keyboard* page still needs one click (the `International-Core-WinPE` settings do not reliably suppress it even under legacy Setup on 24H2 — a known, still-open item; everything after that page is hands-off).
+
 **Caveat:** this is ConX-specific behaviour that Microsoft may change in a future cumulative update / ADK refresh — re-verify against the exact base media before each batch. Sources: ElevenForum/NTLite 24H2–25H2 threads + MS Learn setup-automation docs (the Learn pages predate the redesign and describe only the legacy mechanism). Open question: whether MS later ships a supported way to pre-answer the ConX front-end.
 
 ## 4. Where each hardening control is applied