File grub2-efi-chainload-harder.patch of Package grub2.364

---
 grub-core/loader/efi/chainloader.c |   17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -835,16 +835,23 @@ grub_cmd_chainloader (grub_command_t cmd
 #ifdef SUPPORT_SECURE_BOOT
   /* FIXME is secure boot possible also with universal binaries? */
   if (debug_secureboot || (grub_secure_mode() && grub_secure_validate ((void *)address, fsize)))
-    {
-      grub_file_close (file);
-      grub_loader_set (grub_secureboot_chainloader_boot, grub_secureboot_chainloader_unload, 0);
-      return 0;
-    }
+    status = GRUB_EFI_SECURITY_VIOLATION;
+  else
 #endif
 
   status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
 		       boot_image, fsize,
 		       &image_handle);
+#ifdef SUPPORT_SECURE_BOOT
+  /* if it failed with security violation, force SB method! (bnc#887793) */
+  if (status == GRUB_EFI_SECURITY_VIOLATION)
+    {
+      grub_file_close (file);
+      grub_loader_set (grub_secureboot_chainloader_boot,
+		       grub_secureboot_chainloader_unload, 0);
+      return 0;
+    }
+#endif
   if (status != GRUB_EFI_SUCCESS)
     {
       if (status == GRUB_EFI_OUT_OF_RESOURCES)