diff --git a/gnupg-2.2.16-secmem.patch b/gnupg-2.2.16-secmem.patch
new file mode 100644
index 0000000..22ac5c2
--- /dev/null
+++ b/gnupg-2.2.16-secmem.patch
@@ -0,0 +1,35 @@
+Index: gnupg-2.2.16/g10/gpg.c
+===================================================================
+--- gnupg-2.2.16.orig/g10/gpg.c
++++ gnupg-2.2.16/g10/gpg.c
+@@ -973,7 +973,7 @@ make_libversion (const char *libname, co
+
+ if (maybe_setuid)
+ {
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette
+ char *string;
+
+ if (maybe_setuid)
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+
+ indent = utf8_charcount (text, -1);
+ len = 0;
+Index: gnupg-2.2.16/sm/gpgsm.c
+===================================================================
+--- gnupg-2.2.16.orig/sm/gpgsm.c
++++ gnupg-2.2.16/sm/gpgsm.c
+@@ -533,7 +533,7 @@ make_libversion (const char *libname, co
+
+ if (maybe_setuid)
+ {
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
diff --git a/gpg2.changes b/gpg2.changes
index af0295a..670548f 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes
+
+- Fix secure memory being disabled before fips checks in libgcrypt [boo#1137307]
+ * Added gnupg-2.2.16-secmem.patch
+
 -------------------------------------------------------------------
 Thu May 30 08:00:37 UTC 2019 - Pedro Monreal Gonzalez
 
diff --git a/gpg2.spec b/gpg2.spec
index 6130623..0a1b0ae 100644
--- a/gpg2.spec
+++ b/gpg2.spec
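Review bot: In gnupg-2.2.16-secmem.patch, the build_list hunk for g10/gpg.c makes the now non-zero `GCRYCTL_INIT_SECMEM` call the whole body of `if (maybe_setuid)` and, unlike both make_libversion hunks, shows nothing that clears the flag afterwards, so a second pass through build_list would ask libgcrypt to set up a secure memory pool that already exists. With a size of 0 (which libgcrypt documents as disabling secure memory) repeating the call was harmless; with 4096 it may not be, so I would brace the branch and add `maybe_setuid = 0;` as make_libversion does, and check how the regular secmem initialisation later in startup, which this patch does not show, behaves once a pool exists. The literal 4096 is repeated at all three sites under a comment that no longer covers what the call does; `/* Drop setuid; size must be non-zero, 0 would disable secure memory. */` would record the reason. All three functions start and end outside their hunks.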
@@ -36,6 +36,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
+Patch12: gnupg-2.2.16-secmem.patch
 BuildRequires: expect
 BuildRequires: fdupes
 BuildRequires: libassuan-devel >= 2.5.0
@@ -87,6 +88,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218)
 
 %build