Updates boot file generation to use ADK BCDBoot

Addresses potential inconsistencies with Secure Boot servicing states by using the validated ADK toolset's BCDBoot instead of relying on the local OS installation. Passed ADK path and architecture parameters are now utilized to ensure boot binaries remain consistent across environments.

FFUDevelopment/BuildFFUVM.ps1

@@ -2781,11 +2781,25 @@ function Add-BootFiles {
         [string]$OsPartitionDriveLetter,
         [Parameter(Mandatory = $true)]
         [string]$SystemPartitionDriveLetter,
+        [Parameter(Mandatory = $true)]
+        [string]$AdkPath,
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('x86', 'x64', 'arm64')]
+        [string]$WindowsArch,
         [string]$FirmwareType = 'UEFI'
     )
 
-    WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`"..."
+    # Use the ADK copy of BCDBoot so the boot binaries come from the validated ADK toolset
-    Invoke-Process bcdboot "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null
+    # instead of the local OS installation, which can differ based on Secure Boot servicing state.
+    $bcdBootArchitecture = if ($WindowsArch -ieq 'arm64') { 'arm64' } else { 'amd64' }
+    $bcdBootPath = Join-Path $AdkPath "Assessment and Deployment Kit\Deployment Tools\$bcdBootArchitecture\BCDBoot\bcdboot.exe"
+
+    if (-not (Test-Path -Path $bcdBootPath)) {
+        throw "ADK BCDBoot was not found at $bcdBootPath"
+    }
+
+    WriteLog "Adding boot files for `"$($OsPartitionDriveLetter):\Windows`" to System partition `"$($SystemPartitionDriveLetter):`" using ADK BCDBoot at `"$bcdBootPath`"..."
+    Invoke-Process $bcdBootPath "$($OsPartitionDriveLetter):\Windows /S $($SystemPartitionDriveLetter): /F $FirmwareType" | Out-Null
     WriteLog "Done."
 }
 
@@ -3414,6 +3428,7 @@ function New-PEMedia {
         "en-us\WinPE-Scripting_en-us.cab",
         "WinPE-PowerShell.cab",
         "en-us\WinPE-PowerShell_en-us.cab",
+        "WinPE-SecureBootCmdlets.cab",
         "WinPE-StorageWMI.cab",
         "en-us\WinPE-StorageWMI_en-us.cab",
         "WinPE-DismCmdlets.cab",
@@ -5692,7 +5707,8 @@ If (Test-Path -Path "$FFUDevelopmentPath\dirty.txt") {
     Get-FFUEnvironment
 }
 WriteLog 'Creating dirty.txt file'
-New-Item -Path .\ -Name "dirty.txt" -ItemType "file" | Out-Null
+$dirtyFilePath = Join-Path -Path $FFUDevelopmentPath -ChildPath 'dirty.txt'
+New-Item -Path $dirtyFilePath -ItemType "file" | Out-Null
 
 # Early CLI prompt for additional FFUs (only if enabled and not provided)
 if ($BuildUSBDrive -and $CopyAdditionalFFUFiles -and ((-not $AdditionalFFUFiles) -or ($AdditionalFFUFiles.Count -eq 0))) {
@@ -7024,7 +7040,7 @@ try {
 
         WriteLog 'All necessary partitions created.'
 
-        Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1]
+        Add-BootFiles -OsPartitionDriveLetter $osPartitionDriveLetter -SystemPartitionDriveLetter $systemPartitionDriveLetter[1] -AdkPath $adkPath -WindowsArch $WindowsArch
     
         #Add Windows packages
         if ($UpdateLatestCU -or $UpdateLatestNet -or $UpdatePreviewCU ) {
@@ -7615,7 +7631,8 @@ else {
 }
 
 #Clean up dirty.txt file
-Remove-Item -Path .\dirty.txt -Force | out-null
+$dirtyFilePath = Join-Path -Path $FFUDevelopmentPath -ChildPath 'dirty.txt'
+Remove-Item -Path $dirtyFilePath -Force | out-null
 # Remove per-run session folder if present
 $sessionDir = Join-Path $FFUDevelopmentPath '.session'
 if (Test-Path -Path $sessionDir) { 

FFUDevelopment/BuildFFUVM_UI.ps1

@@ -293,9 +293,10 @@ $script:uiState.Controls.btnRun.Add_Click({
                 )
 
                 $startCleanupParams = @{
-                    FilePath     = $pwshPath
+                    FilePath         = $pwshPath
-                    ArgumentList = $cleanupArgs
+                    ArgumentList     = $cleanupArgs
-                    PassThru     = $true
+                    WorkingDirectory = $ffuDevPath
+                    PassThru         = $true
                 }
                 if ($Host.Name -eq 'ConsoleHost') {
                     $startCleanupParams['NoNewWindow'] = $true
@@ -455,9 +456,10 @@ $script:uiState.Controls.btnRun.Add_Click({
             }
 
             $startBuildParams = @{
-                FilePath     = $pwshPath
+                FilePath         = $pwshPath
-                ArgumentList = $pwshArgs
+                ArgumentList     = $pwshArgs
-                PassThru     = $true
+                WorkingDirectory = $config.FFUDevelopmentPath
+                PassThru         = $true
             }
             if ($Host.Name -eq 'ConsoleHost') {
                 $startBuildParams['NoNewWindow'] = $true

FFUDevelopment/Create-PEMedia.ps1

@@ -115,6 +115,7 @@ function New-PEMedia {
         "en-us\WinPE-Scripting_en-us.cab",
         "WinPE-PowerShell.cab",
         "en-us\WinPE-PowerShell_en-us.cab",
+        "WinPE-SecureBootCmdlets.cab",
         "WinPE-StorageWMI.cab",
         "en-us\WinPE-StorageWMI_en-us.cab",
         "WinPE-DismCmdlets.cab",