From 9bacac8f3d2a3d841467c5240fb2623c0e462f96 Mon Sep 17 00:00:00 2001 From: rbalsleyMSFT <53497092+rbalsleyMSFT@users.noreply.github.com> Date: Tue, 10 Mar 2026 17:01:40 -0700 Subject: [PATCH 1/2] Fixes working directory handling Ensures build and cleanup processes run from the expected project location. Prevents temporary state files from being created or removed in the wrong folder, which avoids stale markers and cleanup failures when launched from the UI or another directory. --- FFUDevelopment/BuildFFUVM.ps1 | 6 ++++-- FFUDevelopment/BuildFFUVM_UI.ps1 | 14 ++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/FFUDevelopment/BuildFFUVM.ps1 b/FFUDevelopment/BuildFFUVM.ps1 index a640d51..a312c76 100644 --- a/FFUDevelopment/BuildFFUVM.ps1 +++ b/FFUDevelopment/BuildFFUVM.ps1 @@ -5692,7 +5692,8 @@ If (Test-Path -Path "$FFUDevelopmentPath\dirty.txt") { Get-FFUEnvironment } WriteLog 'Creating dirty.txt file' -New-Item -Path .\ -Name "dirty.txt" -ItemType "file" | Out-Null +$dirtyFilePath = Join-Path -Path $FFUDevelopmentPath -ChildPath 'dirty.txt' +New-Item -Path $dirtyFilePath -ItemType "file" | Out-Null # Early CLI prompt for additional FFUs (only if enabled and not provided) if ($BuildUSBDrive -and $CopyAdditionalFFUFiles -and ((-not $AdditionalFFUFiles) -or ($AdditionalFFUFiles.Count -eq 0))) { @@ -7615,7 +7616,8 @@ else { } #Clean up dirty.txt file -Remove-Item -Path .\dirty.txt -Force | out-null +$dirtyFilePath = Join-Path -Path $FFUDevelopmentPath -ChildPath 'dirty.txt' +Remove-Item -Path $dirtyFilePath -Force | out-null # Remove per-run session folder if present $sessionDir = Join-Path $FFUDevelopmentPath '.session' if (Test-Path -Path $sessionDir) { diff --git a/FFUDevelopment/BuildFFUVM_UI.ps1 b/FFUDevelopment/BuildFFUVM_UI.ps1 index 6f3b06c..7cf7144 100644 --- a/FFUDevelopment/BuildFFUVM_UI.ps1 +++ b/FFUDevelopment/BuildFFUVM_UI.ps1 @@ -293,9 +293,10 @@ $script:uiState.Controls.btnRun.Add_Click({ ) $startCleanupParams = @{ - FilePath = $pwshPath - ArgumentList = $cleanupArgs - PassThru = $true + FilePath = $pwshPath + ArgumentList = $cleanupArgs + WorkingDirectory = $ffuDevPath + PassThru = $true } if ($Host.Name -eq 'ConsoleHost') { $startCleanupParams['NoNewWindow'] = $true @@ -455,9 +456,10 @@ $script:uiState.Controls.btnRun.Add_Click({ } $startBuildParams = @{ - FilePath = $pwshPath - ArgumentList = $pwshArgs - PassThru = $true + FilePath = $pwshPath + ArgumentList = $pwshArgs + WorkingDirectory = $config.FFUDevelopmentPath + PassThru = $true } if ($Host.Name -eq 'ConsoleHost') { $startBuildParams['NoNewWindow'] = $true From 6c0ee8abc5d0472c2f9cb68df1e0efd5a3ee21b0 Mon Sep 17 00:00:00 2001 From: rbalsleyMSFT <53497092+rbalsleyMSFT@users.noreply.github.com> Date: Mon, 16 Mar 2026 11:19:08 -0700 Subject: [PATCH 2/2] Uses ADK BCDBoot to prevent issues with devices that have updated Secureboot certificates from using 2023 signed boot files --- FFUDevelopment/BuildFFUVM.ps1 | 22 +++++++++++++++---- .../WinPEDeployFFUFiles/ApplyFFU.ps1 | 2 +- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/FFUDevelopment/BuildFFUVM.ps1 b/FFUDevelopment/BuildFFUVM.ps1 index a312c76..6a197fb 100644 --- a/FFUDevelopment/BuildFFUVM.ps1 +++ b/FFUDevelopment/BuildFFUVM.ps1 @@ -464,7 +464,7 @@ param( [switch]$Cleanup ) $ProgressPreference = 'SilentlyContinue' -$version = '2603.1' +$version = '2603.2' # Remove any existing modules to avoid conflicts if (Get-Module -Name 'FFU.Common.Core' -ErrorAction SilentlyContinue) { @@ -2781,11 +2781,25 @@ function Add-BootFiles { [string]$OsPartitionDriveLetter, [Parameter(Mandatory = $true)] [string]$SystemPartitionDriveLetter, + [Parameter(Mandatory = $true)] + [string]$AdkPath, + [Parameter(Mandatory = $true)] + [ValidateSet('x86', 'x64', 'arm64')] + [string]$WindowsArch, [string]$FirmwareType = 'UEFI' ) - WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`"..." - Invoke-Process bcdboot "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null + # Use the ADK copy of BCDBoot so the boot binaries come from the validated ADK toolset + # instead of the local OS installation, which can differ based on Secure Boot servicing state. + $bcdBootArchitecture = if ($WindowsArch -ieq 'arm64') { 'arm64' } else { 'amd64' } + $bcdBootPath = Join-Path $AdkPath "Assessment and Deployment Kit\Deployment Tools\$bcdBootArchitecture\BCDBoot\bcdboot.exe" + + if (-not (Test-Path -Path $bcdBootPath)) { + throw "ADK BCDBoot was not found at $bcdBootPath" + } + + WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`" using ADK BCDBoot at `"$bcdBootPath`"..." + Invoke-Process $bcdBootPath "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null WriteLog "Done." } @@ -7025,7 +7039,7 @@ try { WriteLog 'All necessary partitions created.' - Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1] + Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1] -AdkPath $adkPath -WindowsArch $WindowsArch #Add Windows packages if ($UpdateLatestCU -or $UpdateLatestNet -or $UpdatePreviewCU ) { diff --git a/FFUDevelopment/WinPEDeployFFUFiles/ApplyFFU.ps1 b/FFUDevelopment/WinPEDeployFFUFiles/ApplyFFU.ps1 index 6e48255..77b5878 100644 --- a/FFUDevelopment/WinPEDeployFFUFiles/ApplyFFU.ps1 +++ b/FFUDevelopment/WinPEDeployFFUFiles/ApplyFFU.ps1 @@ -835,7 +835,7 @@ $LogFileName = 'ScriptLog.txt' $USBDrive = Get-USBDrive New-item -Path $USBDrive -Name $LogFileName -ItemType "file" -Force | Out-Null $LogFile = $USBDrive + $LogFilename -$version = '2603.1' +$version = '2603.2' WriteLog 'Begin Logging' WriteLog "Script version: $version"