diff --git a/scripts/build-iso.sh b/scripts/build-iso.sh
index 18b4de2..95e7bc4 100755
--- a/scripts/build-iso.sh
+++ b/scripts/build-iso.sh
@@ -1,25 +1,24 @@
 #!/bin/bash
 # Football ISO Build Script
 # Creates Debian 13 ISO with embedded preseed configuration
-# All work done in Docker container
+# ALL work done in Docker container - no host operations
 
 set -e
 
 BUILD_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 OUTPUT_DIR="$BUILD_DIR/output"
-ISO_DIR="$BUILD_DIR/scripts/iso-tmp"
 
 echo "================================================"
-echo "Football ISO Build"
+echo "Football ISO Build (Docker-only)"
 echo "================================================"
 echo ""
 
-# ============================================================================
-# Step 1: Download Debian ISO
-# ============================================================================
+# Create output directory only (everything else in Docker)
+mkdir -p "$OUTPUT_DIR"
 
-echo "[1/5] Downloading Debian 13 Netboot ISO..."
-mkdir -p "$ISO_DIR"
+# ============================================================================
+# Run entire build process in single Docker container
+# ============================================================================
 
 docker run --rm \
     --name football-iso-build \
@@ -27,99 +26,102 @@ docker run --rm \
     debian:trixie \
     bash -c '
         set -e
-        echo "Installing wget..."
+        
+        echo "================================================"
+        echo "Football ISO Build"
+        echo "================================================"
+        echo ""
+        
+        # ============================================================================
+        # Step 1: Download Debian ISO
+        # ============================================================================
+        
+        echo "[1/5] Downloading Debian 13 Netboot ISO..."
+        
+        # Create temporary directory inside container
+        ISO_DIR="/build/iso-tmp"
+        mkdir -p "$ISO_DIR"
+        cd "$ISO_DIR"
+        
+        # Install required tools
+        echo "Installing required tools..."
         apt-get update -qq
-        apt-get install -y -qq wget xorriso
-
+        apt-get install -y -qq wget xorriso rsync isolinux
+        
         echo ""
         echo "Downloading Debian 13.3.0 (trixie) Stable Netboot ISO..."
-        cd /build/iso-tmp
-
+        
         # Download Debian 13.3.0 (trixie) stable ISO
         wget -q --show-progress \
             -O debian-13.3.0-amd64-netinst.iso \
             https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.3.0-amd64-netinst.iso
-
+        
         echo ""
         echo "✅ ISO downloaded"
-        ls -lh /build/iso-tmp/*.iso
-    '
-
-echo ""
-echo "✅ Step 1 complete"
-echo ""
-
-# ============================================================================
-# Step 2: Extract ISO
-# ============================================================================
-
-echo "[2/5] Extracting ISO..."
-
-docker run --rm \
-    --name football-iso-extract \
-    -v "$BUILD_DIR:/build" \
-    debian:testing \
-    bash -c '
-        set -e
-        echo "Installing extraction tools..."
-        apt-get update -qq
-        apt-get install -y -qq xorriso rsync
-
+        ls -lh "$ISO_DIR"/*.iso
         echo ""
-        echo "Extracting ISO..."
-        cd /build/iso-tmp
+        echo "✅ Step 1 complete"
+        echo ""
+        
+        # ============================================================================
+        # Step 2: Extract ISO
+        # ============================================================================
+        
+        echo "[2/5] Extracting ISO..."
+        
+        echo "Extracting ISO contents..."
         mkdir -p extracted
-        xorriso -osirrox on -indev debian-13.3.0-amd64-netinst.iso \
-            -extract / extracted/
-
+        cd extracted
+        
+        xorriso -osirrox on \
+            -indev "$ISO_DIR/debian-13.3.0-amd64-netinst.iso" \
+            -extract / ./
+        
         echo ""
         echo "✅ ISO extracted"
         echo "Files in extracted:"
-        ls -la /build/iso-tmp/extracted/
-    '
-
-echo ""
-echo "✅ Step 2 complete"
-echo ""
-
-# ============================================================================
-# Step 3: Inject Preseed Configuration and Scripts
-# ============================================================================
-
-echo "[3/5] Injecting preseed configuration and scripts..."
-
-docker run --rm \
-    --name football-iso-preseed \
-    -v "$BUILD_DIR:/build" \
-    debian:stable \
-    bash -c '
-        set -e
+        ls -la | head -20
+        echo ""
+        echo "✅ Step 2 complete"
+        echo ""
+        
+        # ============================================================================
+        # Step 3: Inject Preseed Configuration and Scripts
+        # ============================================================================
+        
+        echo "[3/5] Injecting preseed configuration and scripts..."
+        
         echo "Copying preseed file..."
         cp /build/config/preseed.cfg /build/iso-tmp/extracted/preseed.cfg
-
+        
         echo ""
         echo "Copying verification and configuration scripts..."
-
-        # Create scripts directory on ISO
-        mkdir -p /build/iso-tmp/extracted/scripts
-        mkdir -p /build/iso-tmp/extracted/config
-
+        
+        # Create scripts and config directories on ISO
+        mkdir -p scripts config
+        
         # Copy scripts to ISO
-        cp /build/scripts/verify-system.sh /build/iso-tmp/extracted/scripts/
-        cp /build/config/disable-wifi-bt.sh /build/iso-tmp/extracted/config/
-        cp /build/config/security-config.sh /build/iso-tmp/extracted/config/
-        cp /build/config/football-first-boot.service /build/iso-tmp/extracted/config/
-
+        cp /build/scripts/verify-system.sh scripts/
+        cp /build/config/disable-wifi-bt.sh config/
+        cp /build/config/security-config.sh config/
+        cp /build/config/football-first-boot.service config/
+        
         # Make scripts executable
-        chmod +x /build/iso-tmp/extracted/scripts/verify-system.sh
-        chmod +x /build/iso-tmp/extracted/config/disable-wifi-bt.sh
-        chmod +x /build/iso-tmp/extracted/config/security-config.sh
-
+        chmod +x scripts/verify-system.sh
+        chmod +x config/disable-wifi-bt.sh
+        chmod +x config/security-config.sh
+        
         echo ""
         echo "Modifying boot menu to use preseed..."
-
-        # Update isolinux.cfg to auto-load preseed
-        cat > /build/iso-tmp/extracted/isolinux/isolinux.cfg << "EOF"
+        
+        # Create preseed-enabled boot entry
+        if [ -f isolinux/isolinux.cfg ]; then
+            echo "Updating isolinux.cfg..."
+            # Back up original
+            cp isolinux/isolinux.cfg isolinux/isolinux.cfg.bak
+            
+            # Add auto-install with preseed entry at top
+            cat > isolinux/isolinux-auto.cfg <<EOF
 default football
 timeout 5
 
@@ -143,41 +145,64 @@ label rescue
     kernel /install.amd/vmlinuz
     append vga=788 initrd=/install.amd/initrd.gz rescue/enable=true -- quiet
 EOF
+            
+            # Copy to main cfg
+            cp isolinux/isolinux-auto.cfg isolinux/isolinux.cfg
+            
+            echo "✅ Boot configuration updated"
+        fi
+        
+        # Update GRUB for UEFI boot
+        if [ -f boot/grub/grub.cfg ]; then
+            echo "Updating grub.cfg for preseed..."
+            cp boot/grub/grub.cfg boot/grub/grub.cfg.bak
+            
+            cat > boot/grub/grub-preseed.cfg <<EOF
+set timeout=5
+set default=0
 
+menuentry "Install Football Secure Access System" {
+    linux /install.amd/vmlinuz auto=true priority=critical file=/cdrom/preseed.cfg
+    initrd /install.amd/initrd.gz
+}
+
+menuentry "Manual Install" {
+    linux /install.amd/vmlinuz
+    initrd /install.amd/initrd.gz
+}
+EOF
+            
+            cp boot/grub/grub-preseed.cfg boot/grub/grub.cfg
+            
+            echo "✅ GRUB configuration updated"
+        fi
+        
         echo ""
         echo "✅ Preseed and scripts injected"
-        echo "Contents of ISO/scripts/:"
-        ls -la /build/iso-tmp/extracted/scripts/
+        echo "Contents of scripts/:"
+        ls -la scripts/
         echo ""
-        echo "Contents of ISO/config/:"
-        ls -la /build/iso-tmp/extracted/config/
-    '
-
-echo ""
-echo "✅ Step 3 complete"
-echo ""
-
-# ============================================================================
-# Step 4: Create ISO
-# ============================================================================
-
-echo "[4/5] Creating new ISO with preseed..."
-
-mkdir -p "$OUTPUT_DIR"
-
-docker run --rm \
-    --name football-iso-create \
-    -v "$BUILD_DIR:/build" \
-    debian:stable \
-    bash -c '
-        set -e
-        echo "Creating ISO..."
-        cd /build/iso-tmp/extracted
-
+        echo "Contents of config/:"
+        ls -la config/
+        echo ""
+        echo "✅ Step 3 complete"
+        echo ""
+        
+        # ============================================================================
+        # Step 4: Create New ISO
+        # ============================================================================
+        
+        echo "[4/5] Creating new ISO with preseed..."
+        
+        # Ensure output directory exists
+        mkdir -p /build/output
+        
+        # Create new ISO with preseed and scripts
         xorriso -as mkisofs \
             -r -V "Football Secure System" \
             -o /build/output/football-installer.iso \
-            -J -l -b isolinux/isolinux.bin \
+            -J -l \
+            -b isolinux/isolinux.bin \
             -c isolinux/boot.cat \
             -no-emul-boot \
             -boot-load-size 4 \
@@ -188,59 +213,64 @@ docker run --rm \
             -no-emul-boot \
             -isohybrid-gpt-basdat \
             .
-
+        
         echo ""
         echo "✅ ISO created"
         ls -lh /build/output/football-installer.iso
-    '
-
-echo ""
-echo "✅ Step 4 complete"
-echo ""
-
-# ============================================================================
-# Step 5: Verify ISO
-# ============================================================================
-
-echo "[5/5] Verifying ISO..."
-
-docker run --rm \
-    -v "$BUILD_DIR:/build" \
-    debian:trixie \
-    bash -c '
+        echo ""
+        echo "✅ Step 4 complete"
+        echo ""
+        
+        # ============================================================================
+        # Step 5: Verify ISO
+        # ============================================================================
+        
+        echo "[5/5] Verifying ISO..."
+        
         echo "ISO information:"
         file /build/output/football-installer.iso
         echo ""
         echo "ISO size:"
         ls -lh /build/output/football-installer.iso
         echo ""
-        echo "✅ ISO verified"
+        echo "✅ Step 5 complete"
+        echo ""
+        
+        # ============================================================================
+        # Cleanup
+        # ============================================================================
+        
+        echo "Cleaning up temporary directories..."
+        cd /build
+        rm -rf "$ISO_DIR"
+        
+        echo ""
+        echo "================================================"
+        echo "ISO BUILD COMPLETE"
+        echo "================================================"
+        echo ""
+        echo "Output file:"
+        echo "  📁 /build/output/football-installer.iso"
+        echo ""
+        echo "Usage:"
+        echo "  1. Write ISO to USB: sudo dd if=/build/output/football-installer.iso of=/dev/sdX bs=4M status=progress"
+        echo "  2. Boot from USB"
+        echo "  3. Installer will automatically use preseed configuration"
+        echo "  4. User only needs to provide:"
+        echo "     - Username"
+        echo "     - User password (min 12 chars, mixed case, numbers, special chars)"
+        echo "     - Root password (min 12 chars, mixed case, numbers, special chars)"
+        echo "     - Target disk for installation"
+        echo ""
+        echo "✅ BUILD COMPLETE!"
+        echo ""
     '
 
 echo ""
-echo "✅ Step 5 complete"
-echo ""
-
-# ============================================================================
-# Summary
-# ============================================================================
-
 echo "================================================"
-echo "ISO BUILD COMPLETE"
+echo "Build finished on host"
 echo "================================================"
 echo ""
-echo "Output file:"
-echo "  📁 $OUTPUT_DIR/football-installer.iso"
-echo ""
-echo "Usage:"
-echo "  1. Write ISO to USB: sudo dd if=$OUTPUT_DIR/football-installer.iso of=/dev/sdX bs=4M status=progress"
-echo "  2. Boot from USB"
-echo "  3. Installer will automatically use preseed configuration"
-echo "  4. User only needs to provide:"
-echo "     - Username"
-echo "     - User password (min 12 chars, mixed case, numbers, special chars)"
-echo "     - Root password (min 12 chars, mixed case, numbers, special chars)"
-echo "     - Target disk for installation"
-echo ""
-echo "✅ BUILD COMPLETE!"
+echo "ISO Location: $OUTPUT_DIR/football-installer.iso"
+ls -lh "$OUTPUT_DIR/football-installer.iso"
 echo ""