diff --git a/pkg/provisioning/auxdelete.go b/pkg/provisioning/auxdelete.go
index 9dc72751..d6c8d5f4 100644
--- a/pkg/provisioning/auxdelete.go
+++ b/pkg/provisioning/auxdelete.go
@@ -9,6 +9,9 @@ import (
 // DeleteAUXindexTPM20 deletes the AUX index on TPM 2.0
 func DeleteAUXindexTPM20(rw io.ReadWriter, pol *tools.LCPPolicy2, passHash []byte) error {
+ if !pol.ParsePolicyControl2().AuxDelete {
+ return fmt.Errorf("AuxDelete not set in LCP Policy")
+ }
 err := WritePSIndexTPM20(rw, pol, passHash)
 if err != nil {
 return err
diff --git a/pkg/tools/lcp.go b/pkg/tools/lcp.go
index 18dfa1d8..215f0c92 100644
--- a/pkg/tools/lcp.go
+++ b/pkg/tools/lcp.go
@@ -378,20 +378,20 @@ type LCPPolicyData struct {
 // ParsePolicyControl TODO needs to be reverse engineered
 func (p *LCPPolicy) ParsePolicyControl() PolicyControl {
 var polCtrl PolicyControl
- polCtrl.NPW = (p.PolicyControl>>1)&1 != 0
- polCtrl.SinitCaps = (p.PolicyControl>>2)&1 != 0
- polCtrl.AuxDelete = (p.PolicyControl>>15)&1 != 0
- polCtrl.OwnerEnforced = (p.PolicyControl>>3)&1 != 0
+ polCtrl.NPW = (p.PolicyControl>>0)&1 != 0
+ polCtrl.SinitCaps = (p.PolicyControl>>1)&1 != 0
+ polCtrl.AuxDelete = (p.PolicyControl>>31)&1 != 0
+ polCtrl.OwnerEnforced = (p.PolicyControl>>2)&1 != 0
 return polCtrl
 }
 // ParsePolicyControl2 TODO needs to be reverse engineered
 func (p *LCPPolicy2) ParsePolicyControl2() PolicyControl {
 var polCtrl PolicyControl
- polCtrl.NPW = (p.PolicyControl>>1)&1 != 0
- polCtrl.SinitCaps = (p.PolicyControl>>2)&1 != 0
- polCtrl.AuxDelete = (p.PolicyControl>>15)&1 != 0
- polCtrl.OwnerEnforced = (p.PolicyControl>>3)&1 != 0
+ polCtrl.NPW = (p.PolicyControl>>0)&1 != 0
+ polCtrl.SinitCaps = (p.PolicyControl>>1)&1 != 0
+ polCtrl.AuxDelete = (p.PolicyControl>>31)&1 != 0
+ polCtrl.OwnerEnforced = (p.PolicyControl>>2)&1 != 0
 return polCtrl
 }
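Review bot: The new guard at the top of DeleteAUXindexTPM20 dereferences `pol` (ParsePolicyControl2 reads `p.PolicyControl`) before anything checks it for nil, so a caller passing a nil policy now panics instead of getting an error; a preceding `if pol == nil { return fmt.Errorf("LCP policy is nil") }` would keep the failure on the error path. This file's only hunk does not touch the import block, so confirm `fmt` is already imported there. The doc comment should state the new precondition, e.g. `// It returns an error unless the AuxDelete bit is set in pol's PolicyControl.` The function body continues past the end of the hunk.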
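Review bot: Both ParsePolicyControl and ParsePolicyControl2 keep the flag positions as bare shift literals in two identical copies, and their doc comments still read "TODO needs to be reverse engineered", so nothing in the file records where the new offsets (0, 1, 2, 31) come from. Because the same commit makes AuxDelete gate DeleteAUXindexTPM20, a wrong or drifting offset silently changes that decision; named masks shared by both methods, e.g. `const polCtrlAuxDelete = 1 << 31` with `polCtrl.AuxDelete = p.PolicyControl&polCtrlAuxDelete != 0`, plus a comment citing the specification section the layout was taken from, would make the mapping auditable. The declared type of PolicyControl is not visible in this hunk; if it is narrower than 32 bits, `>>31` always yields false, so confirm the field width. A table-driven test with one input value per flag would pin the mapping for both methods.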