I got secure boot working fine with WIN10PE instead for now using these steps:
Download the "Windows ADK for Windows 10", version 2004 and "Windows PE add-on for the ADK, version 2004"
- https://go.microsoft.com/fwlink/?linkid=2120254
- https://go.microsoft.com/fwlink/?linkid=2120253
Note: ADK 10.1.25398.1 (Republished in January 2025) did not work with secure boot and I will retest later.
Run each setup and select the "download" option
Copy %userprofile%\Downloads\Windows Kits\10\*.* to USB
Go to your offline Windows 10 Machine
Uninstall Trellix Antivirus to be safe (Or disable)
Disable UAC
Browse to your USB
Install ADK\adksetup.exe
Leave default options and install it (You could uncheck everything except "Deployment Tools")
Install adkwinpeaddons\adkwinpesetup.exe and hit next until done.
Install "Symantec_Ghost_Standard_Tools_3_3_12.exe"
Run C:\Program Files (x86)\Symantec\Ghost\bootwiz\bootwiz.exe
Select WinPE 10.0 x64 and use the preinstalled ADK option (Press ctrl+o if needed to open preboot os files popup)
Select WinPE 10.0 x32 and use the preinstalled ADK option (Press ctrl+o if needed to open preboot os files popup)
Create "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers" folder
Copy custom drivers subfolders if you have any previous ones to "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers"
Example: "C:\Program Files (x86)\Symantec\Ghost\bootwiz\Platforms\Winpe10\x64\Drivers\custom\drivers\VMXNET3"
Create a config called "Win10"
Select the Windows PE 10.0 for the preboot operating system (Default if no others loaded), <all> OEM extensions, and click next
Check "Autodetect all device drivers" and click next
Leave DHCP selected and click next
SELECT:
WMI,WINPE-NETFX,WSH,HTA,ADO,WINPE-SECURESTARTUP,WINPE-ENHANCEDSTORAGE,WINPE-DISMCMDLETS,WINPE-PLATFORMID,WINPE-POWERSHELL,WINPE-SECURBOOTCMDLETS,WINPE-STORAGEWMI
Use arrows to match order above
then click next.
Click next on the details screen
Click complete and WAIT for it to create the folders in GUI
Under the "Win10" config
Right-click on "WIN10" config and "Create Boot Disk"
Select "ISO", "NETWORK BOOT", and "x64" then click NEXT
Example Boot Disk final output:
Path: C:\Program Files (x86)\Symantec\Ghost\bootwiz\iso-imgs\WinPE 10.0\x64\Win10.iso
Pre-boot OS: WinPE 10.0
Processor: x64
Media: iso
Task: network
Original Message:
Sent: Mar 13, 2025 10:10 AM
From: Scott Andreas
Subject: GSS 3.3r12 secure boot not working with my WIN11PE boot disk
Hello Real
First thing: if this is older hardware, does it support Windows 11? If it does not, then chances are that winpe11 will not work.
If it does support Windows 11, verify the order in which the winpe options were installed. This Microsoft document shows the dependencies and the order in which the options should be installed: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference?view=windows-11. Use the up\down toggles in the options window to install the dependencies first. The order of install is that dependencies should be at the top.
There is a method to see if the options are being installed in the correct order, and that is with logging. Here is a document to enable bootwiz logging: https://knowledge.broadcom.com/external/article/178699/how-to-enable-bootwiz-logging-for-ghost.html
Look for errors in the log file.
I always go back to the basics with winpe and use the default options, then build the winpe environment. Also, as a test, turn off secure boot in the BIOS and see if it boots into winpe.
If you are still unable to get the winpe to run on the system, please open a case with support to look into the issue further.
------------------------------
Scott Andreas
Broadcom Technical Support
GSS\DS\ITMS
Original Message:
Sent: Mar 12, 2025 12:35 PM
From: RealGenius
Subject: GSS 3.3r12 secure boot not working with my WIN11PE boot disk
BIOS with secure boot enabled causes disk WIN11PE to crash.

Symantec_Ghost_Standard_Tools_3_3_12 using bootwiz.exe
Windows ADK= 10.1.26100.2454
Windows PE Addons = 10.1.26100.2454
Using bootwiz.exe. Created a config called "Win11"
Selected the Windows PE 11.0 for the preboot operating system, <all> OEM extensions, and click next
Checked "Autodetect all device drivers" and click next
Leave DHCP selected and click next
SELECTED : WMI,WSH,HTA,ADO,WINPE-ENHANCEDSTORAGE,WINPE-DISMCMDLETS,WINPE-SECURESTARTUP,WINPE-STORAGEWMI,WINPE-PLATFORMID,WINPE-SECURBOOTCMDLETS
Created using "ISO" and "NETWORK BOOT" then click NEXT
Question 1: Was there an option somewhere I forgot to check?
Question 2: Does secure boot work on an older ADK or maybe Windows PE 10.0 for the preboot operating system?
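
Added example (not part of the thread and not Broadcom or Microsoft code): a PowerShell check of a bootwiz component selection against the "dependencies first" rule from the reply above, run here on the Win11 list from the original post. The function name `Test-WinPEComponentOrder` is hypothetical, the dependency map is transcribed from the linked Microsoft reference and should be re-checked for your ADK version, and the mapping of the bootwiz labels WMI, WSH, HTA and ADO to WinPE package names is an assumption.

```powershell
# Dependency map transcribed from Microsoft's WinPE optional components
# reference (assumption: re-check against the linked page for your ADK).
$Requires = @{
    'WinPE-WMI'               = @()
    'WinPE-Scripting'         = @()
    'WinPE-MDAC'              = @()
    'WinPE-EnhancedStorage'   = @()
    'WinPE-NetFx'             = @('WinPE-WMI')
    'WinPE-HTA'               = @('WinPE-Scripting')
    'WinPE-SecureStartup'     = @('WinPE-WMI')
    'WinPE-PlatformId'        = @('WinPE-WMI', 'WinPE-SecureStartup')
    'WinPE-PowerShell'        = @('WinPE-WMI', 'WinPE-NetFx', 'WinPE-Scripting')
    'WinPE-DismCmdlets'       = @('WinPE-WMI', 'WinPE-NetFx', 'WinPE-Scripting', 'WinPE-PowerShell')
    'WinPE-SecureBootCmdlets' = @('WinPE-WMI', 'WinPE-NetFx', 'WinPE-Scripting', 'WinPE-PowerShell')
    'WinPE-StorageWMI'        = @('WinPE-WMI', 'WinPE-NetFx', 'WinPE-Scripting', 'WinPE-PowerShell')
}
# Assumed mapping from the labels shown in bootwiz to WinPE package names.
$Alias = @{
    'WMI' = 'WinPE-WMI'; 'WSH' = 'WinPE-Scripting'; 'HTA' = 'WinPE-HTA'
    'ADO' = 'WinPE-MDAC'; 'WINPE-SECURBOOTCMDLETS' = 'WinPE-SecureBootCmdlets'
}

function Test-WinPEComponentOrder {
    param([Parameter(Mandatory)][string[]]$Selected)
    # Normalise labels; PowerShell hashtable lookups are case-insensitive.
    $names = @(foreach ($s in $Selected) {
        $t = $s.Trim()
        if ($Alias.ContainsKey($t)) { $Alias[$t] } else { $t }
    })
    $seen = @()
    foreach ($n in $names) {
        if (-not $Requires.ContainsKey($n)) {
            [pscustomobject]@{ Component = $n; Needs = ''; Problem = 'not in dependency map' }
        } else {
            foreach ($d in $Requires[$n]) {
                if ($seen -notcontains $d) {
                    # Distinguish a wrong position from a dependency left out entirely.
                    $p = if ($names -contains $d) { 'listed after dependent' } else { 'not selected' }
                    [pscustomobject]@{ Component = $n; Needs = $d; Problem = $p }
                }
            }
        }
        $seen += $n
    }
}

# Selection copied from the original post (Win11 config), in the order given.
$win11 = 'WMI,WSH,HTA,ADO,WINPE-ENHANCEDSTORAGE,WINPE-DISMCMDLETS,WINPE-SECURESTARTUP,WINPE-STORAGEWMI,WINPE-PLATFORMID,WINPE-SECURBOOTCMDLETS' -split ','
Test-WinPEComponentOrder -Selected $win11 | Format-Table -AutoSize
```

An empty result means every selected component has its dependencies above it; compare any rows it reports with the errors in the bootwiz log.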