diff --git a/Library/OcBootManagementLib/ImageLoader.c b/Library/OcBootManagementLib/ImageLoader.c
index f804767e..c6448b57 100644
--- a/Library/OcBootManagementLib/ImageLoader.c
+++ b/Library/OcBootManagementLib/ImageLoader.c
@@ -78,6 +78,7 @@ STATIC EFI_HANDLE        mCurrentImageHandle;
 STATIC OC_IMAGE_LOADER_PATCH      mImageLoaderPatch;
 STATIC OC_IMAGE_LOADER_CONFIGURE  mImageLoaderConfigure;
 STATIC UINT32                     mImageLoaderCaps;
+STATIC EFI_HANDLE                 mImageLoaderCapsHandle;
 STATIC BOOLEAN                    mImageLoaderEnabled;
 
 STATIC BOOLEAN  mProtectUefiServices;
@@ -773,6 +774,8 @@ InternalEfiLoadImage (
   VOID        *AllocatedBuffer;
   UINT32      RealSize;
 
+  mImageLoaderCapsHandle = NULL;
+
   if ((ParentImageHandle == NULL) || (ImageHandle == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
@@ -924,6 +927,8 @@ InternalEfiLoadImage (
     InternalUpdateLoadedImage (*ImageHandle, DevicePath);
   }
 
+  mImageLoaderCapsHandle = *ImageHandle;
+
   return Status;
 }
 
@@ -940,6 +945,13 @@ InternalEfiStartImage (
   OC_LOADED_IMAGE_PROTOCOL   *OcLoadedImage;
   EFI_LOADED_IMAGE_PROTOCOL  *LoadedImage;
 
+  if (  (mImageLoaderConfigure  != NULL)
+     && (ImageHandle != mImageLoaderCapsHandle))
+  {
+    DEBUG ((DEBUG_ERROR, "OCB: load/start unsupported ordering, %p != %p\n", ImageHandle, mImageLoaderCapsHandle));
+    return EFI_INVALID_PARAMETER;
+  }
+
   //
   // If we loaded the image, invoke the entry point manually.
   //