- Uninstall any separate instance of ControlVault Host Components in Programs and Features screen (restart)
- Downgrade the ControlVault firmware to 23.7.303.0 (restart)
- Log in as the DDPA admin Windows user (fortunately no longer a thing in DDPST).
- Run DDPA - should let you in now. Run a Reset - will require Windows account password, DDPA password and, if set, BIOS password (restart)
- Uninstall DDPA - mandatory before installing DDPST. This may error out at the ControlVault driver uninstall. (Restart)
- Install ControlVault Host Components, then uninstall DDPA again. It should go cleanly this time. (Restart)
- Install DDPST, then the latest ControlVault Host Components, then the latest USH firmware.
Tuesday, May 17, 2016
Removing Dell Data Protection | Access but "your USH firmware is out of date"
We use OPAL self encrypting drives on our laptops which used to be managed by DDPA, a Wave product that Dell rebadged. There is a security vulnerability in DDPA which Dell and Wave have decided they won't fix, since the current product is Dell Data Protection | Security Tools (DDPST). Unfortunately, there is no direct upgrade path, so it's necessary to run a reset within DDPA, uninstall, install DDPST and re-encrypt.
I've come across a couple of instances where opening DDPA to run a reset results in a message indicating that the USH firmware is out of date, and the user should go to dell.com to get a newer version. As best I can tell, this is because of poor version detection within DDPA - the firmware is up to date as is the ControlVault driver, it's just that DDPA can't contemplate versions with those revisions. I haven't been able to find a Dell or Wave article on point.
Here's the routine which has gotten me out of this and into DDPST. There are quite a few restarts involved.